Steps for Medium Sized Businesses to Address Cyber Supply Chain Risk

Aug 17, 2020 7:24:47 AM

Any business that runs internet-accessible services gives everyone else on the internet, whether good, bad, or indifferent, an opening to interrogate those services and see what is running.

Bad actors and security companies alike are constantly conducting reconnaissance to find vulnerabilities, but they usually lack additional context about the environment. That context is what should give a security team the advantage over bad actors running scrapers or scanners across the internet looking to take advantage of those vulnerabilities.

Medium-sized businesses should expect their larger customers and clients to contact them about potential vulnerabilities. According to AlixPartners’ Bill Varhol, these requests generally fall into three categories.

  • A newsworthy vulnerability that puts data at risk, such as Heartbleed or Shellshock. Larger organizations are going to want to know exactly what is vulnerable and when it is going to be fixed.
  • Vendor onboarding diligence, usually through questionnaires or third-party security companies. These will often involve smaller-scale vulnerabilities such as missing SPF records or weak cryptography. However, they can also include unreviewed, automated findings with higher rates of false positives, such as:
      • Email addresses found on websites
      • Potential typo-squatting domains that a medium-sized business should be aware of
      • Outdated browser versions
      • Web-application vulnerabilities such as cookies without the HttpOnly flag
  • A suspicious email seemingly originating from a domain owned by the medium-sized business.


Listen to Bill’s guidance on how medium-sized businesses should prepare to address security issues like these with customers and clients:


Written by Landon Winkelvoss
