Zero Trust & Basic Cyber Hygiene: Best Defense Against Third-Party Attacks

Zero Trust & Basic Cyber Hygiene: Best Defense Against Third-Party Attacks

Since the beginning of the year, there has been a slew of third-party cybersecurity attacks, with the repercussions affecting a number of companies in Singapore and across Asia. 

Personal information of 30,000 Singaporeans could have been unlawfully accessed last month as a result of a violation that targeted a third-party vendor of the Jobs and Employability Institute, a job-matching organization (e2i). The personal information of 580,000 Singapore Airlines frequent flyers and 129,000 Singtel customers was also compromised earlier this year due to third-party security breaches. 

A zero confidence architecture, according to Acronis CEO Serguei Beloussov, may have avoided third-party attacks like those involving Accellion and SIA. In terms of how supply chains are secured, he said, security policies should be enforced and followed. He emphasized the importance of monitoring and controlling as well as performing vulnerability assessment and penetration testing should be carried out. 

Kevin Reed, Acronis' chief information security officer (CISO), said that companies must be aware of who and what is accessing their data. This meant they'd have to evaluate their partners' trustworthiness on a regular basis, rather than only when a new contract was signed, he explained. 

To limit the risks of engaging with these suppliers, Finkelstein recommends questions should be asked about security measures they had put in place and whether connections with these suppliers were secured. According to Reed, prevention would be crucial. Since the majority of security threats today are opportunistic, he believes that organizations would be able to thwart the majority of them if they take preventative steps to reduce their chances of being hacked. 

The way to mitigate the r ..