As if 2020 hadn’t already been a turbulent enough year for businesses, the recent supply chain cyber attack on SolarWinds has caused concern for many organizations. Victims involved include major US government agencies such as the Treasury Department, Commerce Department, and even the Pentagon. In this article we are going to explain what exactly is a supply chain cyber attack, and how you can boost your supply chain security to help prevent yourself becoming a victim.
What is a supply chain cyber attack?
A supply chain attack is a cyber-attack that seeks to damage an organization by targeting unsecure points within their supply chain. This is done by targeting a company, identifying businesses within their supply chain that have weak cybersecurity, and then tampering with these businesses by installing malware that will affect the target company further down the supply chain.
It is vital to have performed proper cybersecurity assessments to avoid the problems this may lead to, which include hackers gaining sensitive customer and supplier information, or a disruption of the manufacturing and business processes. One of the potentially most long-lasting effects is damage to the business’ reputation, and unfortunately whether the cybersecurity weakness was in your business or your suppliers, you are likely to still be held responsible by your customers.
In the case of SolarWinds a hacking group named Cozy Bear successfully installed malware inside an update of SolarWinds’ Orion IT monitoring and management software that was distributed by the company in March, leading to SolarWinds unknowingly installing these trojanized updates to an array of companies. Once installed the malware contacts a command-and-control network run by Cozy Bear, which enables them to enter the companies network with greater ease and gain the information they are seeking.
Steps you can take to improve your supply chain security
It is important to continuously perform cybersecurity assessments for your company to ensure your cyber safety. It can be tricky when it comes to supply chain security because often firms are unsure whether they should be responsible for their supplier’s security. However, as mentioned previously, whether it is your fault or a supplier, falling victim to a cybersecurity attack can, and often will, reflect badly on all businesses involved, especially if it involves a loss of customer data.
One way to reduce the risk of a supply chain cyber attack is to continuously perform vendor risk assessments. Setting up a process to ensure your suppliers have strong security can help to protect against unauthorized and potentially malicious changes, and reduce the risk of vulnerabilities within your network. It is particularly important to perform a vendor risk assessment when a new supplier has been brought into the company, and it can be done by creating a questionnaire for the supplier. The key information to find is what security programs and protocols the supplier has in place, how they perform their own cybersecurity assessments, and how they protect their customer data. It is also worth considering using a cybersecurity professional to perform vendor risk assessments.
Another way to improve supply chain security is to share intelligence and stay in contact with your supply chain, creating improved supply chain visibility (SCV). SCV refers to a company’s ability to locate their products at any point within the supply chain.One of the key ways to reduce the risk or impact of a breach on your supply chain is to ensure you are open and honest with each other when it comes to potential attacks. Continuously review your contracts with suppliers and hold them accountable for their cybersecurity assessments, making sure to have a process in place to alert each other as soon as possible should a potential threat arise. Some businesses even choose to keep the companies they work with to a small number of trusted suppliers to help reduce their risk even further.
If you are looking for more ways to ensure your supply chain security then we recommend getting a cybersecurity professional to perform a full risk and cybersecurity assessment. At Euclid Security we are experts in cybersecurity and we offer our high-quality assessment services worldwide to help keep your business as safe as possible. If you are interested in finding our more then please get in touch today for a no obligation discussion.
Tags: supply chain security, cybersecurity assessment, supply chain cyber attack