Supply Chain Attacks

1234567891011121314151617181920
Across
  1. 2. Evaluation process for vendor cybersecurity controls before onboarding
  2. 3. Ongoing adherence to security standards and regulations
  3. 6. Type of attack often associated with data theft and extortion
  4. 7. What organizations lack regarding their vendors' security practices
  5. 9. Criminal demand made after stealing sensitive data
  6. 12. Ability to withstand and recover from supply chain vulnerabilities
  7. 13. Potential danger from attackers targeting the supply chain
  8. 15. Software Bill of Materials; transparency document for software components
  9. 17. Entertainment company affected by the 2024 Snowflake breach
  10. 19. Cloud platform targeted in a major 2024 data breach affecting 165+ organizations
  11. 20. Elevated access often required by vendors for system maintenance
Down
  1. 1. Third party relied upon by vendors, creating multi-layered supply chains
  2. 4. Continuous evaluation of vendor security posture
  3. 5. Stolen usernames and passwords used by attackers to access systems
  4. 8. Third-party worker whose compromise enabled access to customer data
  5. 10. Unauthorized access to sensitive data, as occurred in the 2024 incident
  6. 11. Federal agency providing cybersecurity framework standards for supply chain security
  7. 14. Complex network of vendors and their sub-vendors
  8. 16. Third-party provider whose compromise can lead to supply chain attacks
  9. 18. Multi-factor authentication; security control that could have prevented the 2024 breach