Securing the Chain: Proactive Strategies to Mitigate Supply Chain Cyberattacks

Just like how we learned to come to terms with COVID and embrace the “new normal”, cybersecurity also needs to be part of that new normal.


The supply chain is one of the cyber criminals’ favorite targets. Reason? Once they discover the weakest link, it’s easier to wreak havoc, given the domino effect that is sure to ensue.

The supply chain, a crucial component of the global economy in every industry, is a complex chain that, unfortunately, is ripe for exploitation by cyberattacks. Despite widespread awareness of the current cyber landscape, there is a notable gap between knowledge and action. Taking cybersecurity seriously is the first step. Just like how we learned to come to terms with COVID and embrace the “new normal”, cybersecurity also needs to be part of that new normal.

Identifying the Dangers Lurking Behind the Curtain

Businesses benefit from leveraging third-party services to streamline their processes, increase efficiency, and enable data-driven decision-making. However, it’s important to acknowledge that with more third-party vendors handling sensitive data, the attack surface of a typical enterprise has changed dramatically. A 2022 survey found that supply chain attacks targeting solely the software, hardware, or services of a third-party vendor affected 62% of organizations. This interconnectedness among services means that a breach at one vendor can trigger a cascading series of detrimental consequences across the entire system.

Supply chain attacks have begun to transcend international borders. The SolarWinds breach is an illustrative example. A hacker group infiltrated computer systems across various U.S. government departments by compromising SolarWinds, the company responsible for Orion, a network and application monitoring platform. Unfortunately, most organizations lack the preparedness needed to identify and prevent such threats effectively.

Given the potential damage a supply chain attack can cause, it is crucial to categorize vendors based on their risk profiles. Each third party should be prioritized according to factors such as its vulnerability level, its access to data and systems, and the potential impact it could have on your organization. While ransomware groups continue to evolve and invest in their malicious activities, it is equally important for third-party vendors to prioritize strengthening their own security measures.

Business owners should be well-informed about the security status of the vendors they rely on. For instance, Chief Information Security Officers (CISOs) can assess the cybersecurity posture of vendors by using questionnaires as an evaluation method. Additionally, businesses can educate and support vendors in implementing necessary security measures. Regulatory bodies also play a vital role in ensuring supply chain security. They can establish frameworks, standards and regulations that enforce cybersecurity practices across the entire chain.

Compliance with these regulations fosters a culture of accountability and awareness, ultimately making the entire supply chain more resilient. Supply chain attacks have become increasingly diverse in their methods, including malicious code injection, pre-installed malware, compromised software and stolen certificates. As a result, third-party vendors must broaden their cybersecurity measures to withstand these evolving threats.

Evolving from Aging Hardware and Legacy Systems

The supply chain has expanded beyond traditional boundaries with barcode scanners, rugged devices, and kiosks, calling for security solutions that go beyond the classic "castle and moat" approach. Depending solely on Virtual Private Networks (VPNs) that implicitly trust any endpoint inside a predefined perimeter will no longer suffice. As networks grow larger, it's crucial for businesses to embrace the "trust no one" rule. In response, the US government has made it mandatory to implement a zero-trust architecture (ZTA). Under a ZTA, a user must pass three layers of verification before being considered trustworthy: their identity, their device, and their access privileges.

Implementing a ZTA begins with maintaining an inventory of the users and enterprise assets logged on to the corporate network. Nowadays, physical stores rely heavily on IoT devices like stock checkers, smart shelves and predictive maintenance equipment. While we have been striving to make factories smarter to enhance efficiency and productivity, the proliferation of these devices has altered the cybersecurity landscape. Many of them gather sensitive customer information, such as behavior, preferences, movements and financial details. Surprisingly, many vendors continue to secure these devices with weak, outdated password practices and encryption techniques.
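As an added illustration, not code from the original article, the following Python sketch shows how the three zero-trust checks named above (identity, device, access privileges) can be combined into a single deny-by-default decision that consults the asset inventory the paragraph calls for. The device inventory, the entitlement table and the request fields are all constructed for the example; a real deployment would pull them from the identity provider and the endpoint management system.

```python
"""Deny-by-default zero-trust access decision (illustrative, not a product API)."""
from dataclasses import dataclass, field

# Constructed asset inventory: device_id -> posture record (hypothetical fields).
# In practice this would be fed by the endpoint management platform.
DEVICE_INVENTORY = {
    "laptop-0042": {"owner": "alice", "managed": True, "compliant": True},
    "scanner-0007": {"owner": "warehouse", "managed": True, "compliant": False},
}

# Constructed entitlement table: user -> set of (resource, action) pairs the user may perform.
ENTITLEMENTS = {
    "alice": {("inventory-db", "read")},
    "warehouse": {("inventory-db", "read"), ("inventory-db", "write")},
}


@dataclass
class AccessRequest:
    user: str
    mfa_verified: bool   # identity layer: has the user completed strong authentication?
    device_id: str       # device layer: which endpoint is making the request?
    resource: str        # privilege layer: what is being accessed ...
    action: str          # ... and how?


@dataclass
class Decision:
    allowed: bool
    reasons: list = field(default_factory=list)  # why the request was denied (for the audit log)


def evaluate(req, inventory=DEVICE_INVENTORY, entitlements=ENTITLEMENTS):
    """Return an allow/deny Decision. Every layer is checked and every failure recorded,
    so the audit log shows the full picture rather than just the first failing check."""
    reasons = []

    # Layer 1: identity. Network location is never a substitute for verified identity.
    if not req.mfa_verified:
        reasons.append("identity: MFA not verified")

    # Layer 2: device. Unknown, unmanaged, non-compliant or mis-assigned devices are denied.
    device = inventory.get(req.device_id)
    if device is None:
        reasons.append("device: not in inventory")
    else:
        if not device["managed"]:
            reasons.append("device: unmanaged")
        if not device["compliant"]:
            reasons.append("device: non-compliant posture")
        if device["owner"] != req.user:
            reasons.append("device: not assigned to requesting user")

    # Layer 3: privilege. Least privilege: the exact (resource, action) pair must be granted.
    if (req.resource, req.action) not in entitlements.get(req.user, set()):
        reasons.append("privilege: no entitlement for %s:%s" % (req.resource, req.action))

    # Deny by default: allow only when no layer raised an objection.
    return Decision(allowed=not reasons, reasons=reasons)


if __name__ == "__main__":
    samples = [
        AccessRequest("alice", True, "laptop-0042", "inventory-db", "read"),
        AccessRequest("alice", True, "laptop-0042", "inventory-db", "write"),
        AccessRequest("warehouse", True, "scanner-0007", "inventory-db", "write"),
        AccessRequest("alice", True, "unknown-99", "inventory-db", "read"),
    ]
    for s in samples:
        d = evaluate(s)
        print(s.user, s.device_id, s.action, "->", "ALLOW" if d.allowed else "DENY", d.reasons)
```

The reasons list is meant for the security team's audit log, not for the end user; returning detailed denial reasons to the requester would tell an attacker which check to work on next. Note also that the non-compliant barcode scanner in the sample inventory is denied even though its owner holds the right entitlement, which is the point of checking device posture independently of identity.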

With numerous devices connected to the cloud, it's wise to invest in a unified endpoint management (UEM) strategy. This allows IT administrators to have a comprehensive view of the assets or connected devices used by different users, along with information about their compliance status and location. By implementing UEM into the security architecture, admins gain the ability to troubleshoot and manage endpoints remotely. For example, through UEM, they can remotely install, uninstall or block applications without any hassle.

Educating Stakeholders to Thrive Under Cyber Espionage

One of the biggest vulnerabilities in any organization's cybersecurity defenses is the human factor. In the spring of 2021, a major cyberattack targeted America, and it all started with a seemingly routine software update from SolarWinds, a company based in Texas. While this incident raised many questions and sparked speculation about the reasons behind the attack, one aspect that drew heavy criticism was the weak password setup, particularly the use of "Solarwinds123" as the password for a File Transfer Protocol (FTP) site. The fact that an intern ended up being blamed underscores the need for comprehensive cybersecurity training programs for every stakeholder contributing to the security of the chain.

To mitigate such risks, organizations should invest in establishing robust cybersecurity training initiatives and ensuring that every entity understands their role in maintaining security.

Additionally, organizations must have a written Incident Response Plan (IRP) in place and exercise it regularly. This plan should outline the steps an organization needs to take before, during and after an actual or prospective security incident. It's important to recognize that cybersecurity is a shared responsibility. Singling out a single entity for blame in the wake of an attack diverts attention from the more fundamental issues that call for collective action. Embracing this shared responsibility instead not only protects critical assets but also builds trust among stakeholders and safeguards against the ever-evolving cyber threat landscape.