Wednesday, December 4, 2024

Latest Posts:

CTS24 Concluded Last Week, Advancing Net-Zero Goals and Sustainable Solutions

The 3rd edition of the London Climate Technology Show concluded last week, paving a vital roadmap towards...

The Truth About Corporate Power Structures

Matt Mathison, former Goldman Sachs executive and veteran CEO who has built multiple...

Hurun UK Under30s list recognises 82 of Britain’s leading young founders

Global research group, The Hurun Research Institute, today releases the prestigious Hurun UK Under30s...

Supply chain vulnerabilities in particular are laid open by many VPN practices

Businesses are putting too great a reliance on VPNs to keep their organisations secure, according to managed service provider, Memset. A poorly managed VPN can expose an otherwise secure organisation to the unknown business and data security practices at the other end of the tunnel. This is of a special and growing issue among organisations’ supply chains, which have been shown to be the weak link in security, according to the most recent Government Cyber Governance Health Check report.

Thomas Owen, Head of Security at Memset commented:

“Site-to-site VPNs are often used to provide suppliers and third parties with reliable, encrypted access to otherwise locked-down portions of your internal network. This might be to enable support, or to allow the third party to interact with your data or systems. Acting in this mode, a VPN effectively connects one network to another by placing an encrypted wrapper around the traffic.

 

Acting similarly to a joining corridor between two independent buildings, the corridor may provide protection from the outside, but each party may now be sharing the contents, culture, personnel and practices of the other. In the same way a VPN can lead to sharing unintended traffic or access between two networks. Where one organisation has strong security controls and the other weak, this can provide an easy path for attackers into the soft underbelly of your digital estate. Not only can it lead to serious operational disruption, it can also cause significant financial and reputational damage.”

Many businesses, but especially SMEs, often deploy one or two ‘security’ controls and consider themselves to be secure enough. However, a ‘defence-in-depth’ approach, where multiple types and layers of controls overlap and support one-another is the only path to meaningful security in today’s world. It is highly likely that one or more secure elements of an organisation’s infrastructure will be breached. It is only when a combination of tightly interlocked measures is in place that attacks can be repelled.

VPNs have also been the recent target of Advanced Persistent Threat (APT) actors and the National Cyber Security Centre (NCSC) has published warning and advice to organisations on how to detect malicious activity, showing the growing vulnerability of this technology.

Owen continues: “VPNs are a relatively safe pipe, but without compensating controls you give up control of what flows through it. If an organisation has over-invested in ‘edge’ controls to ‘build a strong wall’, a VPN can also unwittingly cause all of these to be bypassed.  Cyber security leads need to widen their circle of concern outside of their organisation and work with their compatriots through the supply chain to handle data security effectively. This is particularly important as under the new GDPR norms, data processors and controllers share liability. Therefore, businesses must think about the security of the supplier before sharing access or organisational data.”

Latest

CTS24 Concluded Last Week, Advancing Net-Zero Goals and Sustainable Solutions

The 3rd edition of the London Climate Technology Show concluded last week, paving a vital roadmap towards...

The Truth About Corporate Power Structures

Matt Mathison, former Goldman Sachs executive and veteran CEO who has built multiple...

Hurun UK Under30s list recognises 82 of Britain’s leading young founders

Global research group, The Hurun Research Institute, today releases the prestigious Hurun UK Under30s...

Investment Migration Emerges as Key Climate Finance Solution at COP29

As world leaders at COP29 in Baku grapple with the challenge of mobilising USD 1 trillion annually in climate finance...

Subscribe To Our Content

Don't miss

CTS24 Concluded Last Week, Advancing Net-Zero Goals and Sustainable Solutions

The 3rd edition of the London Climate Technology Show concluded last week, paving a vital roadmap towards...

The Truth About Corporate Power Structures

Matt Mathison, former Goldman Sachs executive and veteran CEO who has built multiple...

Hurun UK Under30s list recognises 82 of Britain’s leading young founders

Global research group, The Hurun Research Institute, today releases the prestigious Hurun UK Under30s...

Investment Migration Emerges as Key Climate Finance Solution at COP29

As world leaders at COP29 in Baku grapple with the challenge of mobilising USD 1 trillion annually in climate finance...

VictoriaMetrics Efficiently Simplifies Log Complexity with VictoriaLogs

General Availability Delivers Unparalleled Performance and Scalability...

CTS24 Concluded Last Week, Advancing Net-Zero Goals and Sustainable Solutions

The 3rd edition of the London Climate Technology Show concluded last week, paving a vital roadmap towards...

The Truth About Corporate Power Structures

Matt Mathison, former Goldman Sachs executive and veteran CEO who has built multiple...

Hurun UK Under30s list recognises 82 of Britain’s leading young founders

Global research group, The Hurun Research Institute, today releases the prestigious Hurun UK Under30s...

LEAVE A REPLY

Please enter your comment!
Please enter your name here