Is Your Enterprise Using B2C or B2B Services: Understand The Threat Landscape

B2B Threat Landscape

This section provides an overview of the threat landscape relevant to an enterprise's B2B services. The landscape covers only the security threats to the infrastructure and networks of enterprise business parties and third parties using B2B channels and services. It does not cover threats to external parties or business-level B2B risks such as fraudulent use of B2B services.

 
Fig.1 Current & Emerging B2B Threat Landscape

This primarily specifies the threats that are specific to B2B channels; however, third-party organizations may be subject to additional threats from different channels (e.g. B2C) and in turn may be used as a proxy to attack an enterprise infrastructure.

An enterprise's data and systems may be a target for numerous threats utilizing a number of threat vectors. These threats can often be more damaging than those from an external source because the third parties may have already gained access to enterprise data or infrastructure. Therefore, in response to these threats an enterprise must be able to:

  • Understand the requirement of B2B communications and implement adequate physical, technology, and administrative controls to achieve defense-in-depth
  • Provide access to third-party organizations that is in line with the business requirements and defaults to least privilege
  • Assuming a successful attack from third parties, ensure that the organization has the ability to rapidly respond to an incident in order to limit any adverse impact on the enterprise B2B infrastructure and services
  • Proactively identify new and emerging threats from the use of B2B communication and ensure the controls implemented are adequate for the risks posed.

B2C Threat Landscape

This section provides an overview of the threat landscape relevant to an enterprise's B2C services. The landscape covers only the security threats to the infrastructure and networks of enterprise business parties and third parties using B2C channels and services. It does not cover threats to consumers through the use of B2C channels and services, or business-level B2C risks such as fraudulent use of B2C services.

 
Fig.1 Current & Emerging B2C Threat Landscape

This provides a limited view of the B2C threats, as it does not include threats related to consumers (e.g. fraud) or specific to B2C applications (e.g. inadequate authentication level of B2C services).

The changing threat perspective, coupled with recent cyber attacks in B2C channels, requires that an enterprise be able to:

  • Prepare its environment to effectively manage cyber risks by ensuring it has the right level of governance structure in place to enhance and maintain its predictive, preventative and detective security capabilities
  • Leverage the wealth of threat intelligence that is available to ensure awareness of internal and external threats and proactively mitigate them
  • Assuming a successful attack, ensure that the organization has the ability to rapidly respond to an incident in order to limit any adverse impact on the enterprise B2C infrastructure and services
  • Defend against successful cyber attacks by continuing to invest in enhancing and maintaining controls that protect the digital assets
     

Authored By - Abhishek Jain
TCS Cyber Security Practice
