
Attackers breached supplier systems to steal Airbus secrets

By Alex Scroxton for ComputerWeekly
Thursday, September 26, 2019

ImmuniWeb founder and CEO and penetration testing specialist Ilia Kolochenko observed that the act of targeting large enterprises through their suppliers and other trusted partners was not new.

“There is no need to undertake an expensive, time-consuming and risky assault of a castle if you can quickly get in via a loophole,” he said. “The problem is that most of the suppliers struggle to win bids in a highly competitive and turbulent global market, often in conscious disregard of cyber security fundamentals. Implementation of information security at a level comparable to their VIP customers will boost their internal costs, thereby considerably increasing their market prices, making them uncompetitive.

“Worse, large global companies such as Airbus have such a great wealth of countless trusted third parties across the globe that it would be virtually unfeasible to keep an eye on how cyber security is implemented at their suppliers without skyrocketing monitoring and compliance costs.

“Third-party risk management is still nascent in most of the organisations and is frequently composed of paper-based superfluous control. Nonetheless, we cannot rebuke these companies in doing so, as shareholders will unlikely agree to spend many millions on surveilling third parties at their own cost,” he said.

Kolochenko went on to explain that different national and regional security standards would make a tricky situation trickier still for the likes of Airbus. While globally recognised standards can ensure a baseline of security practice is in place, these standards would by no means guarantee protection, and additional monitoring of suppliers is needed.
