In today’s interconnected world, the supply chain has become an increasingly vulnerable area, posing evolving risks and growing threats to business operations and the delivery of services. By understanding these risks, you can take proactive measures to fortify your cybersecurity posture and ensure the resilience of your business.
In the last few weeks, we’ve seen NHS Trusts in London and Hampshire forced to work at reduced capacity with medical services brought to a halt through the breach of an essential service provider. We’ve also seen a bank, concert promoters and other public facing outlets attacked, and sensitive personal data exposed due to their targeting by cyber criminals. These attacks against the supply chain are becoming a daily occurrence and a formidable threat, one that not only impacts the targeted supplier but also affects the broader digital ecosystem.
The supply chain offers cyber criminals the accessibility and exploitation of multiple targets through a single-entry point, which offers a greater reward for lower levels of risk. Whilst the attacker may see greater and more lucrative returns, the consequences of an attack of this nature are many, including financial losses to all parties and disruption of services, reputational damage and ultimately the theft and exposure of sensitive customer data. It’s not just the supplier that loses, the customer is also the target.
How are cyber criminals attacking the supply chain?
Gaining access to the supply chain is easier than you might expect. Increasingly threat actors are exploiting previously leaked or easily identifiable user credentials to gain initial access to platforms, bypassing traditional security measures. There is a growing criminal market for credentials across traditional social media channels and on the Dark Web. Other breaches occur due to the exploitation of unpatched or previously unknown vulnerabilities (zero-day) in supplier platforms. Some suppliers just fall victim to more traditional ransomware-based attacks where the malicious software (malware) laterally moves onto the client estate due to poor security controls at either end of the supply chain.
Despite growing efforts to secure the supply chain, we should expect attacks and the overall threat will continue to increase in the coming years. We all, as both suppliers and consumers, need to do more when it comes to securing ourselves from this growing threat as our dependency on externally sourced services will only grow.
The recent Snowflake data warehouse breach occurred due to the availability of compromised and stolen user credentials. Simple measures include the generation of more secure passwords, regular rotation, and more importantly greater efforts to secure passwords and login credentials for outsourced services and applications. Monitoring the internet for exposed credentials is also an option. A fair proportion of exposed credentials were stolen from earlier info stealer attacks against targeted users and then sold on to the attackers. If Snowflake had enforced multi-factor authentication for its customers, the breach could likely have been prevented as full access was achieved through username and password access, there was no further authentication step required.
It is up to all of us to maintain the integrity and security of the supply chain, we may not think it, but we come into contact with it daily, professionally, and personally. Whilst many organisations now have quite effective supply chain compliance processes in place, there is still a lack of effective security controls and policies for software, services and other supplier provided applications. Securing the supply chain requires a heightened awareness of the threat and its associated vulnerabilities and the need for organisations to adopt robust and resilient policies and approaches to better understanding the digital risks posed to its business by its suppliers and their third-party relationships.
Redcentric’s Cyber Services have consultants able to support those looking to develop policies and controls considered above. We can help advise on the threat landscape, governance, risk, and compliance related security topics and recommend other solutions and services that will enhance your overall security posture.
If you’d like to arrange an initial consultation, please reach out to your Account Manager or the wider team on sayhello@redcentricplc.com to help you improve your security posture.
