
The Underestimated Risk of Cyber Supply Chain Attacks

19. August 2021 @ 12:00 - 14:00


Although serious security gaps remain, many companies now treat IT and cyber security as part of their risk management. However, the quality of the technical and organizational measures and the available budget vary considerably. This is partly due to a lack of awareness of certain security issues at the decision-making levels and to how the cost-benefit calculation is assessed. IT and cyber security often goes unnoticed in everyday work, and when it is noticed, it is seen only as additional workload. What companies do perceive, however, is the damage that occurs when their own company is affected.

Dealing with supply chain attacks is not a new issue, but it is one that is still often underestimated. Supply chain attacks are frequently left out of risk assessments, so the opportunity to identify dependencies, build up suitable redundancies and better protect both the interfaces and the vulnerabilities of suppliers is missed.

In cyber supply chain attacks, attackers target vulnerabilities in supply chains for their malicious purposes. On December 13, 2020, FireEye reported the discovery of a widespread supply chain attack in which SolarWinds' Orion business software updates were trojanized to spread malware. Orion is an IT monitoring and management software used by the vast majority of Fortune 500 companies, as well as many government agencies. Affected entities include government agencies as well as organizations in the consulting, technology, telecommunications, healthcare and oil and gas industries on four continents. According to SolarWinds, the vulnerability is likely the result of a sophisticated, targeted and manual supply chain attack by an unknown nation-state.

In its 2019 Internet Security Threat Report, Symantec reported a 78% increase in supply chain attacks in 2018, with the top 20 observed groups being particularly active. Well-known groups such as Dragonfly have been using targeted suppliers to gain access to specific companies since 2011, with the targets in this case primarily located in the energy sector.

Against this background, BIGS, in cooperation with VTT Finland, one of the leading research institutions in Europe, has taken a closer look at the ecosystem of supply chains and considered the financial impact of attacks on them. We would like to present the main findings of this analysis in the familiar format of the PizzaSeminar, on August 19 from 12:00 – 14:00 at the IABG in Berlin Mitte.


Registration by e-mail to info@bigs-potsdam.org



Esther Kern (Research Fellow at BIGS)

Alexander Szanto (Research Fellow at BIGS)




Berlin, 10117 Germany