Many of the most high-profile breaches have been a result of weak links in an organization’s supply chain. The cyber attacks on Target, Home Depot and the U.S. Office of Personnel Management (OPM) are just a few examples.
In an era when organizations are sharing increasing volumes of digital information with suppliers and providing them access to their networks, this shouldn’t come as a surprise. Sophisticated adversaries are finding vulnerabilities wherever they can, and often that means looking to an organization’s partners for weaknesses in defenses. Using the partner as a ‘stepping stone,’ they gain access to their ultimate target.
No industry is safe from supply chain cyber risk. In its annual study of manufacturers, accounting and consulting organization BDO USA found for the first time that cyber risk ranks among respondents’ top 10 risk factors. It’s also a concern in the maritime industry. In an effort to reduce risk to any organization that has an ocean cargo aspect to its supply chain, the new Intelligence Authorization Act of 2017 includes legislation to address cybersecurity at the 360 U.S. commercial seaports.
We all know that traditional defenses that focus on protecting the perimeter are no longer sufficient. Attackers are identifying new vulnerabilities by actively surveying your organization’s digital shadow, a subset of your digital footprint that consists of exposed personal, technical or organizational information that is often highly confidential, sensitive or proprietary. And as your supply chain gets longer so does your digital shadow, affording cyber criminals more opportunities to steal valuable data and launch devastating cyber attacks.
Organizations need a proactive approach to defend against targeted attacks, both by engaging in supply chain security and by building greater cyber situational awareness.
SANS defines supply chain security as “a program that focuses on the potential risks associated with an organization’s suppliers of goods and services, many of which may have extensive access to resources and assets within the enterprise environment or to an organization’s customer environments, some of which may be sensitive in nature.” This begins with involving supply chain managers in cybersecurity, working with IT and security practitioners to identify which areas of their supply chain may be vulnerable to cyberattacks, and together establishing guidelines and controls for suppliers. Supply chain managers must then collaborate with their suppliers to help ensure they are following best practices in cybersecurity. And all of this must be done without disrupting supply chain operations.
Cyber situational awareness complements these efforts by providing organizations with an attacker’s-eye view into information about themselves that is available online. It then alerts you to potential threats, instances of sensitive data loss, or compromised brand integrity. Using that information, you can prevent, detect and contain cyber-related incidents.
Information is gathered by examining millions of social sites, cloud-based file sharing sites and other points of compromise across a multi-lingual, global environment spanning the visible, dark and deep web.
Cyber situational awareness provides relevant and contextual insight based on data that is company specific and pertains to the industry, company size and geography. Specific to supply chain security, this may even include information about key partners that bad actors could use to infiltrate an organization’s network. Cyber situational awareness also analyzes and provides information on which malicious actors might be targeting an organization, why they are doing so, and their methods of attack. This can be used to identify attackers that rely on tactics, techniques and procedures (TTPs) that involve supply chain partners.
There are numerous examples of cyber attacks that stem from weaknesses in a supplier’s defenses. The Brisbane City Council in Australia reportedly suffered a $450,000 AUD loss due to a successful business email compromise attempt. Attackers reportedly posed as a supplier to the council via "legitimate-looking" emails and phone calls, and requested that payment details be changed, causing funds to be transferred to an attacker-controlled bank account. Awareness of these tactics can inform security efforts to train and educate employees.
Exploit kit developers are constantly looking to incorporate new exploits for the latest vulnerabilities in software like Flash, Java and Oracle. Many organizations use this software, so gaining awareness of the most commonly exploited vulnerabilities helps to prioritize patching procedures.
Clearly, cyber situational awareness plays a critical role in helping organizations to understand what they need to do right now to stop attacks and mitigate supply chain risk. However, it can also be used strategically to strengthen supply chain security, by helping organizations to understand how to make the right investments for more effective defenses as their digital shadows get longer.