Supply chain attacks occur when a hacker compromises a vulnerable party in order to reach the businesses it works in partnership with, using the hacked party’s legitimate permissions to gain access to the real target. Because of how digitally interconnected businesses are today, these types of attacks are becoming more common and more difficult to avoid. Here are some insights to help you incorporate supply chain security into your overall IT security strategy.
Supply chain attacks are increasing globally
Last year, the SolarWinds supply chain attack allowed cyberattackers to deliver malware to 18,000 of the company’s customers who downloaded it, and then to focus their attack on 100 specific targets. Similarly, the Kaseya supply chain attack sent ransomware to over 1,500 customers who downloaded the legitimate-looking update, locking them out of their systems as a result. These attacks left businesses, schools, and government agencies all over the world vulnerable, making supply chain attacks the number one rising cybersecurity threat for 2022.
According to the European Union Agency for Cybersecurity (ENISA), these attacks focus primarily on the supplier’s code, with 58% targeting data access, 62% exploiting inherent trust in suppliers, and 62% relying on malware to get the job done. In July, ENISA predicted that these types of attacks would increase four-fold in 2021 alone!
Protecting your own business is not enough
Modern supply chains and partnerships with third parties rely heavily on the sharing of sensitive data to be effective, and just one weak link will compromise every party on that chain – even if your security is top class.
This is because that party has legitimate access to your network and systems, and because you trust it. For example, if you use a certain brand of software and the vendor contacts you by email with a new patch to apply, you’re probably going to do it without thinking twice. However, if that vendor has been hacked and doesn’t know it yet, you could very well be downloading ransomware or other malware onto your network. Because of the vendor’s position of trust, hackers who have compromised it may also be allowed to access certain data on your network, stealing it or selling it while you’re unaware that you’re under attack.
No matter how strong your walls are, they can’t protect you from an enemy that you’ve allowed in.
What’s the answer?
This calls for a much more expansive IT security policy: one where businesses on your supply chain follow supply chain security best practices, where the principle of least privilege is applied, and where you know who is on your supply chain and what they each have access to. It also means auditing your supply chain and selecting vendors who comply with best practices. This is a complex process, but it’s key to reducing these vulnerabilities in a meaningful way. Fortunately, it can be guided effectively by the right IT consulting partners.
At Otto, we’re here to protect your organisation and your people against ransomware, IT scams, and other IT security risks. We’ll help you educate your team, ensure you have the best IT protection for your business and be ready to act if your data or people are compromised. Whether you have remote teams, need a backup solution, or aren’t sure what provider is best for your business, we can help you out. Just think of us as your IT department.