"24 supply chain attacks were reported from January 2020 to early July 2021" (ENISA, July 2021).
Within the context of a Supply Chain Attack, supplier assets are targeted and compromised by threat actors, which would then facilitate further attacks on other supplier and/or customer assets through the supply chain. This attack model has reportedly been gaining momentum.
The European Union Agency for Cybersecurity (ENISA) has just published a Threat Landscape Report specifically on Supply Chain Attacks that provides valuable information on trends, case studies and recommendations.
The MFSA would like to emphasise the importance of the careful consideration of threats associated with Supply Chain Attacks within the risk management processes of regulated financial entities including from an outsourcing perspective. Regulated financial entities should employ continuous monitoring to identify potential threats to, and vulnerabilities in, their Information and Communications Technologies, in a timely manner, whilst having sound patch management processes and practices in place.