Supply chain attacks aren’t particularly new, but as we’ve seen from the recent SolarWinds breach, these attacks can be devastating and have far-reaching consequences.
Supply chains are a vital part of business operations, but often these networks are large, diverse, and span a range of different countries. Typically, the suppliers in these networks won’t all have the same robust cybersecurity defences in place, which provides hackers with lots of weak points to exploit.
Why are supply chain attacks increasing?
The growing volume and severity of cyber attacks have prompted many organisations to invest heavily in cybersecurity. This tightening of defences has meant that hackers have had to become more creative in their attack methods and find new ways to infiltrate their primary target. The supply chain has provided hackers with an easy way to compromise much larger organisations.
There is also an inherent difficulty in detecting supply chain attacks. Most supply chain attacks will take place when hackers add a backdoor to a legitimate software application. This helps mask the malicious nature of the software, so it remains undetected by traditional cybersecurity defences.
Major supply chain attacks
Some of the biggest cyber-attacks in recent history have resulted from third-party breaches. In 2014, US retailer Target suffered a huge data breach when one of its third-party vendors was compromised. Attackers were able to use this trusted connection to infiltrate the company’s network and steal the credit card data of over 40 million customers.
In 2018, British Airways suffered a data breach through a similar method, exposing the personal data of over 500,000 customers. The attack was highly targeted and used malicious code to redirect customers to a fraudulent website that harvested their details.
One of the most notable and sophisticated supply chain attacks to date is the recent SolarWinds cyberattack. Although the breach came to light in December 2020, the hack is thought to have begun back in March when hackers injected malicious code into the company’s Orion software system.
The compromised software pushed out malicious updates to over 18,000 customers including the US Treasury, Commerce, State, Energy, and Homeland Security departments, as well as multiple Fortune 500 companies including Microsoft, Intel, Cisco, and Deloitte.
The malicious code created a backdoor to customers’ IT systems, which in turn allowed hackers to install even more malware to help them spy on different companies and organisations.
Details of the attack are still emerging, but the sheer scale and complexity of the breach demonstrate just how damaging supply chain attacks can be and how far-reaching an impact they can have.
How to prevent supply chain attacks
As supply chain attacks become more sophisticated and prevalent, it’s essential that businesses take the right steps to reduce risk. Below are some practical steps your organisation can take:
1. Vet your supply chain
Taking the time to evaluate the security and privacy policies of all your suppliers can reduce the likelihood of a breach by 20%. Third-party suppliers should not be granted access to your network until you have fully vetted their current security practices. This should cover technical security controls as well as governance, risk, and compliance processes. By gaining full visibility of the risks posed by suppliers, your organisation can implement the right controls and processes to enable you to respond quickly and effectively to a breach.
2. Regular audits
Gaining access to sensitive data is often the primary motive behind supply chain attacks. With this in mind, you should be taking all the necessary steps to protect your data by finding out where it resides and who has access. This will help determine how interconnected you are with your suppliers and what data and systems you share. In addition to performing an audit of your own network, you should also be auditing your third-party suppliers’ activity on a regular basis. This will ensure that everyone is following the appropriate security controls and help identify any vulnerabilities.
3. Understand how supply chains are targeted
To address the risks posed to your business, you will need to gain a better understanding of how hackers could infiltrate your organisation. Attackers are becoming more creative in their attempts to compromise supply chains, but a large number of incidents can still be traced back to the theft of legitimate credentials, used to gain access to the main target’s network, or to the exploitation of unpatched software. Understanding this can help inform your response to attacks and identify any areas that could be improved, such as awareness training, regular software updates, and patching.
4. Third-party management and monitoring
It’s essential to regularly monitor and review activity between your organisation and third-party suppliers. This will help identify any unusual or suspicious activity. Logging activities on network devices and endpoints will make it easier to detect any anomalies, which will prove invaluable in the event of a breach.
5. Form an incident response plan
It’s no good waiting until an attack happens before forming a response plan. To effectively deal with any incident that may arise, your organisation should have an incident response plan in place that will address the full range of incidents that could occur and set out appropriate responses. The supporting policy, processes, and plans should be risk-based and cover any regulatory reporting requirements. Third-party suppliers should also have an incident response plan in place so they can respond quickly to an attack and mitigate any potential risk to your business.
6. Cybersecurity awareness training
Every employee within your organisation needs to understand how data breaches can occur and how they can help identify threats and prevent attacks. Awareness training should educate staff on all aspects of security including company policies, password security, and social engineering attack methods. By gaining a better understanding of these threats, employees will be able to react quickly in the event of an attack and help protect your organisation’s systems and data.