Enhance cybersecurity awareness and survivability for DoD, industry partners, and academia in the face of the ever-increasing threat of cyber attacks. Cybersecurity (CS) includes managing risks related to the use, processing, storage, and transmission of information and the systems and processes used for those purposes, including analog and physical form. CS includes information availability, identification and authentication, confidentiality, integrity, and non-repudiation as well as the economic considerations with respect to selection of CS techniques, CS processes, and industry trends.
[Security Rating] Discussion for supplier with IP in bad reputation
I wanted to deal with a topic that I consider very delicate and particular, which can have several interesting ideas.
I will tell you about a situation that happened to me, working for a large company in the financial sector, receiving the request from its TLC structure, to whitelist some vendor IP addresses in its perimeter systems, as the supplier was unable to work with continuity due to the blocking of some of its IPs. These IPs were blocked by SOC several months earlier due to their “bad reputation”, are classified as malicious IP addresses (Bots and spamming) by the major threat intelligence providers (both at the time of the blocking and at the time of the whitelisting request ).
The supplier, a small system integration company, has been working for this customer for several years and has never made available a budget to devote to security interventions and avoid situations of “bad reputation”.
The supplier presses for the opening of the IP otherwise this would cause the postponement of the expiry times foreseen for the end of certain activities to be postponed. However, the IT Security function, of which I share the thought, believes that allowing similar connections, by companies that do not take care of their culture to cyber Security, would cause a reputational loss of their brand. First of all, it is the supplier’s responsibility to protect their systems (and avoid obtaining a bad teputation of their IP) so as not to suffer damage to their brand, and also to follow the customer who might decide, so as not to also suffer damage to the. own brand, to use only certified customers who do not enjoy a sub-optimal reputation.
What do you think? Which side are you on?
Allow the supplier to work without delay despite the bad reputation (although there have been no malicious activities detected by these IPs in the customer’s network) or block the job until the supplier adapts to certain security requirements?
I’d like to know your opinion to increase the know-how in Cyber Security 😀
You must be logged in to reply to this topic.