by Martin Sandren
One of the lessons learned from 2021 is that ransomware can target any and all companies. In the country of meatballs and flatpack furniture, where I hail from, some of the year's most prominent ransomware attacks were made against its biggest food retailers and one of its smaller municipalities.
Each attack holds its own lessons, such as turning the complete outage of all point-of-sale systems into an opportunity to drive digital change by rolling out a new smartphone-based checkout system, all while keeping essential communications running during the attack. The unifying trend, however, is that any and all organisations can be targeted. This presents a new challenge for enterprises that have traditionally focused their supply chain cybersecurity efforts on partners that handle sensitive data or provide IT-related services. In the new world you may have no cheese left to sell because the firm that slices and ships it has been taken out by a ransomware attack; trust that this is very upsetting, particularly if you are Dutch.
So, how can enterprises support partners with very small or even nonexistent cybersecurity functions? The answer depends on what kind of company you are, but as a retailer we have found that although many of our main partners have only a small cybersecurity or IT department, they are well aware that they need to improve security or risk losing their entire IT infrastructure. We frequently field questions about cybersecurity from partners wanting to learn more about the topic. In many cases, relatively small efforts such as community building have produced much improved resilience. The format we have found works best is a virtual roadshow for a relatively small audience of similar partner companies.
Our experience has shown that identity topics such as privileged access management, multi-factor authentication, and basic account hygiene land best when they are anchored in a simple end-to-end ransomware attack model, so that each control is tied to the stage of the attack it disrupts. Another important factor is to provide hands-on examples and to leave plenty of time for questions and discussion. If possible, it also helps to present the material in the local language rather than in English.
We also recommend partnering with local cybersecurity organisations, such as your local IDPro chapter, OWASP, and other like-minded groups, as well as attending local cybersecurity trade shows. With a little additional effort and attention to the needs of your partners, you can provide the support against cyberattacks that they so desperately need. And, of course, save the cheese.
Domain Architect IAM, AholdDelhaize
Martin Sandren is a security architect and delivery lead with over eighteen years of experience in various information-security-related roles. He is primarily focused on security architecture and digital identity, including global-scale customer, privileged, and internal IAM systems built on Microsoft Azure Active Directory, Sailpoint, Saviynt, Forgerock, IBM, and Oracle security stacks.
His experience spans architect, onshore and offshore team lead, and individual developer roles. He has gained wide international experience by living and working in Sweden, Germany, the UK, the USA, and the Netherlands. Martin is a frequent speaker at international conferences such as Consumer Identity World, MyData, and European Cloud Conference.
In his role as domain architect IAM at AholdDelhaize he is responsible for IAM architecture and the delivery of IAM services to 450 000 users globally. Martin Sandren is a board member of the IdNext foundation, founder of the Digital Identity Amsterdam meetup, and active within IDPro.