Best Practices for Supply Chain Attacks

“With the digitization of our economy and the effects of this pandemic, the majority of businesses have not yet realized that their first and third-party cyber liability risk is at an all-time high,” says Cyber Security Workforce Developer Chase Norlin, CEO of Transmosis. “This is why 60% of small businesses, in particular, go out of business after a breach within 6 months – their reputations are destroyed, big contracts they have with other companies are dropped, and their partners, customers and vendors can sue them out of existence.”

According to Norlin, antivirus software and firewalls are not enough these days: “Businesses must budget for appropriate cybersecurity that covers endpoints, network and user activity across the entire organization – not just a piece of it. Hackers actually take advantage of common antivirus and firewalls, because they are not great at keeping modern threats out. This cybersecurity must also be compliant; more frequently we are seeing government fines and penalties related to privacy regulations. Businesses must invest in cyber liability coverage to cover them financially in the event of a supply chain cyber attack. The average cost of investigation and recovery is in the 6 figures range.”

Understand Risks Associated with Third-party Vendors and Suppliers

“Consider the reasons behind a potential attack before determining how adversaries could attempt to disrupt your business operations or manufacturing output. In addition, you can recognize the most important properties, such as intellectual property, proprietary knowledge, and customer information. Through identifying these reasons and properties, the company would be able to determine which networks and areas of your supply chain to protect, as well as how to prioritize your cybersecurity investments. Implementing efforts such as threat hunting, sensor deployment, and centralized log aggregation will assist you in uncovering evidence of existing activity, gaining deep cross-enterprise visibility, or identifying holes in your organization’s capacity to detect such activity. Consolidated reporting offers faster insight into cyber threats and aids in the discovery of complex attack chains.”

Tony Kelly, Founder & CEO at CameraGroove

Levels of Security

“There are several measures companies can take to protect their supply chains from cyber threats and data breaches:

1. Businesses should consider specifying acceptable levels of security and related controls and requiring subcontractors, suppliers, and essential supply chain partners to meet or exceed such requirements as terms and conditions of existing contracts.

2. To detect instances of emerging threats or active attacks, companies should consider adding vendor-identifiable information to their current cyber threat intelligence operations. Threat actors can infiltrate a vendor network that is known as having access to the main enterprise network. If the parent company is aware of these activities, it may take countermeasures until the threat actor has a chance to step laterally into their network. Cybersecurity, like life, necessitates collaboration.”

Pranchil Murray, Head of Customer Success, Malwarefox

Preventing Supply Chain Cyber Attacks

1. Encryption of all electronic data collected and exchanged. An IT company can help in this kind of encryption through network cabling solutions.

2. Electronic payments and online banking require two-factor authentication.

3. Security software and encryption are installed on all computers, including employees’ smartphones, and the software is kept up to date.

4. A social media policy that restricts the amount of information that workers can post online that could be used in spear-phishing attacks.

5. Anti-spear phishing software is used, and staff are trained on a regular basis to detect spear-phishing emails.

6. Computer-use guidelines involve never clicking on links or uploading attachments before the authenticity of the source is established.

7. When using laptops and other portable devices outside the office, use virtual private networks.

8. Wire transfer procedures that require several people to sign off before a payment can be made.

9. Avoiding ransomware problems by regularly backing up all data with three copies of two separate formats, one of which is stored offsite.

10. Employee data access should be limited to only the information that they need.”

Miklos Zoltan, CEO & Cybersecurity Researcher at Privacy Affairs

Implement Honeytokens

“Honeytokens function as tripwires, alerting companies to unusual behavior in their network. They’re fake tools masquerading as classified information. Attackers mistake these dummy tools for valuable assets, and as they engage with them, a warning is sent to the targeted organization, alerting them to an attack attempt. 

This provides companies with early warnings of data breach attempts as well as information on each breaching process. Organizations will isolate the individual services being attacked and deploy the most successful incident management efforts for each cyberattack approach using this intelligence. Honeytokens might also expose the location and name of a cyber intruder if they aren’t running behind a firewall. Honeytokens can be applied by vendors to be more effective at stopping supply chain attacks.”

Daniel Foley, SEO Manager at Litta
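
The tripwire described above, as an added example that is not part of the original article or of any contributor's own tooling: decoy API keys are minted per placement and an authentication log is scanned for them, so each alert names which planted copy was used. The `hk_` key format, the log layout, the placement names and the secret are assumptions constructed for this example.

```python
import hashlib
import hmac
import re

# Constructed key for this example; it stays with the detector, never with the decoys.
SECRET = b"constructed-example-secret"
TOKEN_RE = re.compile(r"\bhk_([0-9a-f]{8})_([0-9a-f]{16})\b")

def _pid(placement):
    """Short public identifier for the place a decoy is planted."""
    return hashlib.sha256(placement.encode()).hexdigest()[:8]

def _tag(pid, secret):
    return hmac.new(secret, pid.encode(), hashlib.sha256).hexdigest()[:16]

def mint_honeytoken(placement, secret=SECRET):
    """Decoy API key bound to one placement, e.g. a share a vendor can read."""
    pid = _pid(placement)
    return f"hk_{pid}_{_tag(pid, secret)}"

def scan_logs(lines, placements, secret=SECRET):
    """Return one alert per log line that presents a genuine decoy key."""
    by_id = {_pid(p): p for p in placements}
    alerts = []
    for line in lines:
        for pid, tag in TOKEN_RE.findall(line):
            # Reject look-alike strings: the tag must verify under our secret.
            if pid in by_id and hmac.compare_digest(tag, _tag(pid, secret)):
                src = re.search(r"\bsrc=(\S+)", line)
                alerts.append({"placement": by_id[pid],
                               "source": src.group(1) if src else None})
    return alerts

# Constructed sample data: hypothetical placements and auth-log lines.
PLACEMENTS = ["vendor-a/sftp-share", "ci-runner/.env"]
SAMPLE_LOGS = [
    "2024-05-01T10:00:01Z auth ok src=198.51.100.4 key=live_9f2c user=svc-billing",
    f"2024-05-01T10:02:17Z auth fail src=203.0.113.7 key={mint_honeytoken(PLACEMENTS[0])}",
    "2024-05-01T10:02:30Z auth fail src=203.0.113.9 key=hk_deadbeef_0123456789abcdef",
    f"2024-05-01T10:05:44Z auth fail src=203.0.113.7 key={mint_honeytoken(PLACEMENTS[1])}",
]

if __name__ == "__main__":
    for alert in scan_logs(SAMPLE_LOGS, PLACEMENTS):
        print(alert)
```

Because a decoy key has no legitimate use, any verified hit is worth investigating, and the placement in the alert points to the vendor share or system whose contents were read.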

Identify All Insider Threats that Could Exist

“Malicious intent isn’t necessarily at the root of an insider attack. Most of the time, they are completely unaware of the dangers that their acts pose. Such unwitting end-users would be filtered out through cyber threat awareness training. 

Insider threats from hostile insiders are difficult to spot. They’re also much more dangerous because they can give threat actors the specialized access they need to launch a software supply chain attack.

Employee feedback surveys on a regular basis, as well as a transparent and welcoming work environment, will resolve issues before they become aggressive insider threats.”

Darshan Somashekar, Founder & CEO, Solitaired

Blockchain and other Hyperledger Technologies

“A system that validates any modification in the supply chain with an incontestable source and timestamp is the holy grail of supply chain security. This is possible thanks to blockchain and other hyperledger technologies, which eliminate the need for centralized management and control. Despite the fact that most companies are just now starting to evaluate these innovations, now is the time to start thinking about them. End-to-end blockchain and hyperledger will, in the end, have supply chain transparency and defend vulnerable segments from secret attacks.”

Eric McGee, Senior Network Engineer, TRGDatacenters

Implement Strict Shadow IT Rules

“All IT gadgets that have not been authorized by an organization’s security team are referred to as shadow IT. Many workers are integrating their own private IT devices while building their home office environments as a result of the recent global acceptance of a remote-working model. IT protection departments should require all IT devices to be registered, as well as stringent rules for what can and cannot be linked. To identify DDoS attacks launched from the supply chain, all authorized devices (especially IoT devices) should be monitored.”

Jeff Cooper, Manager at Messagely

Multiple organizations, private and government, are still reeling from the impact of the SolarWinds supply chain attack in 2020. To combat such threats and prevent them from recurring, new frameworks and legislation will likely be developed. Proactive measures will also need to be implemented immediately, such as increased vulnerability assessments, DLP, SIEM logging and AD audits.