One of 2021’s biggest cybersecurity storylines has been a jump in supply chain attacks. Up by a factor of 4X, hackers are exploiting vulnerabilities by riding into a system through the trusted companies you count on to do your job. These breaches are effective because they have a few particularly nasty characteristics that make them hard to detect and extremely destructive.
The breaches first arrive through a software supplier you know and trust, using a Trojan horse attack that’s inside your system before anyone realizes what’s happening. After your network is compromised, the breach cascades outward via the same method that compromised your network to begin with, traveling to scores of partner companies using the same software.
Because of attacks like these, protecting your organization no longer means simply having your IT house in order. As supply chain attacks pick up speed, securing your daily operations requires taking a hard look at the security procedures followed by your trusted vendors as well
How Supply Chain Attacks Work
Let’s break down the famous 2021 supply chain attack on Kaseya, an IT management software provider that mainly serves Managed Service Providers or MSPs, (companies that provide IT services for clients). On July 2, Kaseya’s incident response team identified a security incident related to a Kaseya tool that delivers automated software patching, remote monitoring, and other capabilities MSPs use to serve their customers.
By only breaking into Kaseya, the threat actors eventually infected 50-60 MSPs. From there, they infected approximately 1,500 of the MSPs’ clients and encrypted the victims’ data, effectively shutting down systems and networks. At this point, the ransom demands started. To highlight one example, the Swedish supermarket chain, Coop, closed 800 stores when its cash registers and payment processing systems went down—all because of a breach that was originally two steps removed from their systems.
How to Strengthen Your Defense
Manufacturing companies have extensive supplier lists and partners, so it can seem impossible to sufficiently protect yourself, but it’s not. To mitigate the risk of supply chain attacks, we recommend logging all network access, establishing vendor management programs, implementing an XDR system, and closely monitoring your internal software builds.
1. Log and monitor all third-party access into your network.
Logging and monitoring all third-party access means keeping a close eye on anyone tapping into your inventory system, design documents, etc. Ensure staff doesn’t have access to data beyond the minimum they need to do their job.
2. Establish a solid vendor management program.
Your business depends on knowing the security practices of every third party you work with, including their incident response plans and cyber insurance policies. You may consider creating a security questionnaire that vendors must complete. You also may want to require third-party certifications such as SOC 2 for your vendors
3. Implement an extended detection and response (XDR) system.
An extended detection and response (XDR) system is a next-generation security platform built to recognize brewing threats on your system, automatically shutting them down. With this kind of thorough defense in place, hackers are severely limited in what they can do, even if they sneak into your system through one of your partners’ software. XDR doesn’t just guard against known malicious files, but also guards against activity that looks malicious.
4. Review the security of your own software development life cycle.
Software teams working on automation or other internal projects often use open-source code that speeds up their work, but hackers can install malicious packages without the developer’s knowledge. This can result in vulnerabilities for in-house software. To protect against this, monitor and regulate software repositories to secure software development and ensure continued integrity. We recommend implementing an audit of software dependencies and version-locked dependencies during application auditing.
Your organization may not directly maintain these dependencies, and obviously can’t control what your partners do, but they directly impact your security and it’s important to take action now.
We are proud to highlight our partners and friends. Opinions expressed by contributors are their own.