The National Institute of Standards and Technology (NIST) has revised its "Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations" (NIST Special Publication 800-161 Revision 1). Organizations can use the updated guidance to protect themselves as they acquire and use technology products and services, NIST stated.
The updated guidance arrives as MSPs (managed service providers) and MSSPs (managed security service providers) seek to further lock down their own software supply chains against cyberattacks.
NIST's new guidance includes practices that organizations can develop to manage cybersecurity risks within and across their supply chains, the institute noted. It encourages organizations to consider vulnerabilities across technology products and services and their components.
In addition, NIST offers guidance for various groups to help them identify and mitigate supply chain risks, the institute stated. It also plans to provide a quick-start guide for organizations that want to implement its cybersecurity supply chain risk management best practices.
Supply Chain Attacks Could Become 'One of the Biggest Cyber Threats' to Global Organizations
Cybercriminals are increasingly targeting supply chains, according to the "2021 CrowdStrike Global Security Attitude Survey" of 2,200 IT decision-makers from global organizations. Key findings from the survey included:
- 45 percent experienced at least one software supply chain attack in the last 12 months.
- 59 percent of respondents that suffered their first software supply chain attack did not have a response strategy in place.
- 84 percent said they believe software supply chain attacks could become one of the biggest cyber threats to their organization within the next three years.
Supply chain attacks are becoming more sophisticated and persistent, CrowdStrike pointed out. Meanwhile, today's organizations must evaluate a variety of technologies and tools to keep pace, and, given how many respondents were caught without a response strategy, should have an incident response plan for a supply chain compromise in place before one occurs.
RMM, PSA and ITSM Software: Supply Chain Security
MSPs and MSSPs should check in with their IT management software providers to learn what steps they are taking to harden and monitor supply chain software security. In many cases, RMM (remote monitoring and management), PSA (professional services automation) and IT service management (ITSM) software platforms are gaining new capabilities to help partners improve their own cybersecurity posture, while mitigating supply chain attack risks that extend out to end-customers.