You’ve turned your client’s network into a virtual fortress. There are firewalls, double authentication protocols, an up-to-date patching regimen, and frequent pen-testing. You’ve pretty much eliminated the threat of hackers within your client’s critical network, right? Think again.

Hackers are always watching for complacency before probing the resulting weak spots. That’s why “supply chain attacks” are on the rise. Supply chain attacks are breaches of on smaller, less-protected vendors that give lateral access to a larger organization’s network.

One weakness is all it takes

The online ecosystem is an intertwined, complicated, challenging to manage jungle, and one weak spot  creates vulnerability everywhere.

Recent reports show that 50 percent of all cyberattacks aim at the supply chain. In 2018, supply chain attacks spiked a whopping 78 percent, and 2019 is shaping up to be a dangerous year for these stealth attacks. CSO Online describes the threat succinctly:

“The risks associated with a supply chain attack have never been higher, due to new types of attacks, growing public awareness of the threats, and increased oversight from regulators. Meanwhile, attackers have more resources and tools at their disposal than ever before, creating a perfect storm.” 

Smarter MSP caught up with Hussain Aldawood, a cybersecurity expert at the University of Newcastle in Australia, to get up to speed on some of the latest surrounding supply chain attacks.

Hackers are hungry for supply chain targets

Aldawood states that supply chain attacks are so harmful because a hacker can damage many linked entities at once. The demand for outsourced specialization has only fueled the appetite.

“The need for outsourcing supply chains recently has increased the number of exposure points in the process because of the greater number of entities involved and linked. I believe that the number one risk derived from supply chain attacks is caused by sharing some sensitive data with suppliers,” says Aldawood.

While sharing such information with suppliers is vital for the supply chain to function, thought still needs to be given to how this process itself poses a security risk at the same time.

“If organizations manage supply chain management systems in a poor way, they can easily suffer from significant hazards of cyber-attacks. Logically speaking, poorly managed supply chain management systems can lead to disruption of the manufacturing process. Another consequence can be losing sensitive customer data, which of course will lead to damaging a company’s reputation,” warns Aldawood, citing the notorious 2013 Target breach.

“This specific incident caused Target to face around 90 lawsuits against them. Target’s fourth-quarter report to investors showed that it spent around $61 million in response to the breach,” Aldawood says.

What role can MSPs play in protecting a client’s supply chain?

Aldawood advises that MSPs need to consider having specific principles in place to create resilience in their supply chain, including:

  • A small supplier base, which allows an organization to have stronger control over its suppliers.
  • Stringent vendor controls, which include implementing approved updated security protocols along with conducting occasional site audits at supplier locations.

Without such controls, these supply chain attacks will continue escalating.

Recent cybersecurity news shows that cyber breaches have been increasing year over year, affecting the confidentiality, integrity, and availability of data,” notes Aldawood.

Aldawood warns that cybersecurity specialists need to be quicker to react to these supply chain attacks.

“We can’t ignore the fact that we are dealing with a huge challenge in the lack of cybersecurity professionals over the speed of adopting new IT technologies. In my opinion, if organizations stay alert and adopt the latest security measures against advanced cyber threats, the problem of supply chain attacks might be better than it is today,” predicts Aldawood.

For MSPs, it is not good enough to simply protect your client’s perimeter. You have to build defenses against breaches through the increasingly complicated ecosystem.

Photo: Zapp2Photo / Shutterstock

Kevin Williams

Posted by Kevin Williams

Kevin Williams is a journalist based in Ohio. Williams has written for a variety of publications including the Washington Post, New York Times, USA Today, Wall Street Journal, National Geographic and others. He first wrote about the online world in its nascent stages for the now defunct “Online Access” Magazine in the mid-90s.

Leave a reply

Your email address will not be published. Required fields are marked *