How to find hidden data breaches and uncover threats in your supply chain

A company’s supply chain is like a body’s nervous system: a mesh of interconnected manufacturers, vendors, sub-contractors, service delivery firms, even coding and collaboration tools. The connected enterprise is an efficient enterprise.

Supply chain topics tend to focus on manufacturing and labour.  Yet there’s far less attention being given to another aspect of the supply chain, no less important: cybersecurity. When one node of the interconnected enterprise is breached, the pain can spread thick and fast.  


If your workforce eats, sleeps, travels or makes buying decisions, company data is at risk. Just think about the InterContinental Hotels or Uber data breaches. Was your CEO a customer?

Modern business runs on Software-as-a-Service (SaaS). They hold data on thousands of other companies, and those companies’ customers and partners. 


Even if SaaS is not your company’s business model, the same principle applies. Let’s say you’re an advisory firm in financial services, legal or accountancy – your clients’ account details, documents, intellectual property is a perfect reflection of just how tangled data in the modern enterprise is.



Now let’s imagine one of those companies – or your own – suffers a breach. In the interconnected supply chain, a breach creates a network effect that can have ramifications outside of the immediate havoc.


If your company relies on, or even just uses, SaaS services, third-party collaboration and coding tools, data, dashboarding or document storage services, your risk is real.

So how do you even begin to evaluate your risk in a networked economy given the inherent complexity of supply chain vulnerabilities.

• Where
  The Internet has many murky corners. Where exactly your breached company data will end up is hard to predict and even harder to find, not least because the Dark Web is, well, dark.
  
  

• What

  The kind of information a hacker may have on your company could be the beginnings of a research mission before a potential cyber attack, or a complete download of your entire active directory of users, ready for ransomware demands.

• Who 
  There are different levels of associated risks depending on who has been breached, and whose details are lurking in the hands of attackers. Hackers often target high-profile or senior leadership individuals to create additional publicity. 

Mitigating the “when” becomes a matter of urgency.