Supply chain attacks — targeting weak points in organizations multiple degrees separated from your business — are on the rise. Do you have the cybersecurity support needed to keep you and your business safe?
All you hear about these days is ransomware, phishing, run-of-the-mill malware, etc. With incidents like WannaCry dominating the cybersecurity headlines, it’s easy to get caught up and assume that those types of threats are the most dangerous, the most prevalent, and the main point of concern when it comes to your cybersecurity support.
In reality, that’s not the case.
One of the most threatening and dangerous trends in cybercrime is the supply chain attack. By penetrating a weak point that isn’t directly a part of the target business, cybercriminals can easily gain access to sensitive data and finances.
Just think about it – when it comes to you and your cybersecurity solutions, they only extend as far as your business does, right? It’s not your purview or your duty to inquire and guarantee the cybersecurity of the vendors that you deal with, right? That’s the foundation of supply chain attacks – whereas the target organization may have top-of-the-line, bleeding-edge cybersecurity defenses, a supplier two or three links down the chain from them doesn’t.
That said, ransomware and phishing are still scary, and can cause a lot of damage – but when compared to the scale of supply chain attacks? They’re barely a drop in the bucket. Ransomware and other small cybercrime tactics won’t be going away anytime soon, but that doesn’t mean you shouldn’t be aware of the much larger threats looming in the distance.
IT Vendor Supply Chain
When a hardware or software vendor is hit, it affects thousands, at the very least – that’s why the right cybersecurity support is so important. Keep these examples in mind when you evaluate how much blind trust you should be putting in your IT vendors:
- One of the most prevalent hackers in the world has noted that Flash is the easiest way into any operating system, calling it the “root of browser insecurity”.
- In 2010, Dell shipped thousands of infected server motherboards to suppliers, and in the end, blamed it on “human error”.
- Similarly, Adobe sent their Enterprise Customers using Proliant Servers USB keys that turned out to be infected with FakeCry and SillyFDC viruses. The USB keys were meant to install floppy disk drivers but arrived with something much more dangerous. Adobe told users that any up-to-date cybersecurity solution should be able to handle them.
- As of 2009, Wal-Mart sold potentially millions of smart picture frames with embedded malware, affecting any user that linked the picture frame to another device.
Web Supply Chain Attacks
These types of supply chain attacks are arguably even more dangerous because of how many consumers they really affect. All it takes is for someone to visit a site to be affected, as compared to IT Vendor Supply Chain Attacks, which generally involve a purchased product. The bottom line is that malvertising and similar supply chain attacks are an attack against all users, which is why expert cybersecurity support is so vital.
So many companies have failed — and continue to fail — to pay attention to the threats their own websites pose to consumers. Back in 2008, American Express’ website had XSS flaws, not once, but twice in under six months.
Furthermore, if 2008 seems too long ago to take seriously, then how about Equifax’s recent discovery of malicious code on a website run by one of their third-party vendors? Equifax was adamant that they have not been the subject of another cyber-attack; thanks to their attention to cybersecurity, their systems weren’t compromised again.
In response to their discovery, Equifax took the website offline just to be safe – they would obviously rather not take any risks again so soon after their major data breach from not too long ago.
So what can be done? Fortunately, not everyone has their head in the sand when it comes to supply chain attacks.
The biggest companies in the world — Google, Apple, etc. — and large financial institutions — Morgan Stanley, Goldman Sachs, etc. — have the means to do their due diligence. They can invest in guaranteeing the security of the vendors they work with. They have the means to actually test the products that they buy for backdoors and compromised hardware before they deploy them and get them in the hands of customers – but what about the other 99.9% of organizations that don’t, won’t, or can’t test components?
This is the core of why expert and informed cybersecurity support for your business is so important. With the Brainlink team of experts on your side, we can help you mitigate the risks that your supply chain may pose to your business. The fact is that we’ve been paying attention to this trend for years – put that experience and knowledge to work keeping you and your business safe today.
Click Here to review Raj Goel’s presentation on “Trends In Financial Crime.”