Securing the Cyber Supply Chain: A Risk-based Approach to Threat Assessment and Mitigation

The system of Cyber Supply Chain (CSC) is characterized by its complexity, consisting of several subsystems, each responsible for a distinct set of responsibilities. Securing the supply chain presents a challenge due to the presence of vulnerabilities and threats throughout the system that has the potential to be taken advantage of at any time, considering that any component of the system is susceptible to such attacks. As a result, supply chain security is difficult to achieve. This has the potential to create a significant interruption to the overall continuity of the company. Therefore, it is of the utmost importance to identify the hazards and make educated guesses about their likely outcomes so that organizations can take the appropriate precautions to ensure the safety of their supply chains. By leveraging a range of factors, such as the expertise and incentives of threat actors, Tactics, Techniques, and Procedures (TT and P), as well as Indicators of Compromise (IoC), the analysis of Cyber Threat Intelligence (CTI) offers valuable information on both identified ansignd unidentified cybersecurity threats. In order to increase the safety of the cyber supply chain, the purpose of this article is to investigate and speculate on potential dangers. The CTI and Machine Learning (ML) approaches have been employed by us in order to study and forecast the risks based on the CTI attributes. This makes it possible to detect the inherent CSC vulnerabilities, which enables suitable control. To enhance the overall security of computer systems, it is imperative to implement specific actions, including the collection of CTI data and the adoption of various machine learning techniques. These techniques encompass Logistic Regression (LG), Support Vector Machine (SVM), Random Forest (RF), Decision Tree (DT), Cat Boost, and Gradient Boost, which are employed in analyzing the Microsoft Malware Prediction dataset to create predictive analytics. This is done in order to illustrate that the technique can be applied to a variety of situations.As input parameters, the experiment takes into account the assault and the TTP, while as output parameters, it takes into account vulnerabilities and indicators of compromise (IoC). According to the findings of the investigation, the most foreseen dangers in CSC are spyware and ransomware, as well as spear phishing. When it came to forecasting vulnerabilities, the predictive models that were produced using the Random Forest algorithm obtained the best accuracy rate of 91%, while the predictive models that were developed using the LR method earned the highest accuracy rate of 86%. In light of the results, the paper strongly advise putting appropriate controls into place in order to combat these dangers. The paper strongly recommend that the ML predicate model make use of CTI data in order to improve the CSC’s cyber security on the whole.