A (Not So) New Cyber Threat :: Supply Chain Security

With everything going on in the world, a sound cybersecurity strategy is more critical today than ever before. According to the Allianz Risk Barometer, the number one concern for companies globally in 2022 is cyber incidents, followed by business interruptions and natural disasters.

According to cloudwards.net, 37 percent of all businesses and organizations were hit by ransomware in 2021, costing the world $20 billion. Recovering from a ransomware attack cost businesses $1.85 million on average. Out of all ransomware victims, 32 percent paid the ransom, but they only got 65 percent of their data back.

These numbers are not outliers. They are a true snapshot of the challenges organizations just like yours face daily. They are real statistics behind real attacks that had a very real impact on the bottom line of many businesses, large, small and all in between. And your industry is a major target of great concern.

Cybercriminals are gaining access to networks and living on them for weeks – even months – doing reconnaissance. They are determining what is vulnerable and then exploiting those vulnerabilities after they have their foothold in your environments. Next, they will encrypt a few systems or the entire data center, including backups. Then you must pay. The cybercriminals yearn to return your data so they can continue to build their reputation of delivering if their demands are met – and of course those demands can take a huge chunk out of your organization’s bottom line.

And just when you think you have minimized your security risk by deploying preventative cybersecurity measures, the growing concern with supply chain security creeps into your cyber consciousness.

Supply chain security is not a common talking point for the masses, but, according to an Argon study, those targeted attacks tripled in 2021. If you aren’t talking about it today, you very well should be. The recent Log4J/Spring4Shell attacks, among many others, have the security community on high alert – and your organization should be thinking about supply chain management – and the inherent risks – as well.

What is Supply Chain Security?

Let’s start with the basics. Supply chain management is a unique concept, and quite complex. It means considering a single data point as well as the system as a whole. It includes each and every employee and each and every third-party vendor. It requires communication and understanding – and most of all – constant vigilance to bring a culture of security to it all.

Supply chain security focuses on the management of all elements of your business, internally with staff and data and externally with your suppliers and all points in between. There is no one proper approach or magic bullet. It is complex and multifaceted – and very much a moving target.

Internal Considerations

Let’s focus on internal practices first and where you can begin. For the sake of brevity, the main goals to focus on are to close entry points for malware and lock down customer data. Much of this can be achieved with constant monitoring of systems and users alike. Be sure to review user activity for anomalies and pay great attention to the alerts you have set up. Consider implementing additional mitigating controls and creating additional alerting as well.

As far as systems go, be sure to practice consistent log management and review critical systems, including those with high volumes of data. And be sure to consider those systems that may not store, process, or transmit sensitive data but could have considerable vulnerabilities.

Speaking of vulnerabilities, great effort must be made to prioritize patching. Patches are sent for a reason; quite often a patch corrects a serious vulnerability and should not be postponed. And you can take monitoring a step further by deploying incident detection software for users and for the endpoints or devices on your network that need to be monitored.

Lastly, enforcing Multi-Factor Authentication (MFA) in any or all environments possible is a key step to securing entry points into your system. The risk of compromise is reduced significantly with implementation of hardware, such as tokens, or user-friendly methods such as leveraging smartphones.

The bottom line is cybersecurity is multilayered – and the more layers – the better. Adopting a zero-trust approach can help your organization position itself defensively from the start.

External Considerations

Let’s revisit the earlier reference to Log4J. Back in late 2021 and early 2022, this software vulnerability shook the cybersecurity world – and we should all take notice. This seemingly innocuous logging code was utilized by many. But it had a flaw, a flaw that opened the door for intrusion that could disrupt the world due to its mass adoption. A patch was released for those affected, which was an incredible number of users. Perhaps your organization was impacted and patched promptly. But what if one of your vendors didn’t?

Supply chain security is not limited to within the walls of your organization. Much consideration should be given to the trusted third-party vendors with which you work. These are absolutely valuable relationships you have built over the years, but they are also an area of potential threat if a vendor’s organization doesn’t have a sound cybersecurity plan in place as well. Simply put, if you have a vendor who has a vulnerability, that means your organization potentially could too.

But where to start? The first step is key: Do your due diligence. Find out what cybersecurity practices your vendors have in place. How are they monitoring their systems? What protocols do they have in place in the event of a breach? Protect your organization: Monitor and risk-assess vendors, set security standards… and enforce them.

Bring the Defense in Multiple Layers

While protecting your organization against cyberattacks can seem to be an overwhelming and daunting task, the best strategy is to place defense at the forefront through multiple layers of protection and staff education. One layer won’t do it – nor will one staff meeting.

A zero-trust approach is the best approach. Be vigilant. Be thorough. Most importantly though, accept the fact that it can very much happen to you. No one is immune. Be prepared.

Remember, evolving cyberattacks require an evolving cybersecurity posture.

To learn more about how NISC Cybersecurity Services can help protect you and your organization from cyberattacks, please visit www.cybersecurity.coop and reach out to NISC’s Cybersecurity Services Team at cyber@nisc.coop. NISC also has developed NISC CyberSense, a free educational cybersecurity kit to help organizations across the U.S. promote the importance of being safe online. You can access the kit at www.nisc.coop/nisc-cybersense.