What lessons are there from recent cyber-attacks in the supply chain sector?

No person or firm can 100% guarantee safety against a cyber-attack. This means that supply chain businesses must shift their cybersecurity strategies to not only ensure they have the best protection possible, but to also include mitigation tactics in case of a data breach by cybercriminals.

Due to escalations in cybercriminal activities over the past decade or so, we know that no individual or organisation is safe and that cybercriminals will use any means necessary to get what they want. This means that supply chain firms are quickly learning the importance of a zero-trust approach to security, meaning all attempts to access company assets, whether by an employee or otherwise, are treated as malicious until user identity can be verified.

With a zero-trust approach to cyber security, user identity is governed to the same level of scrutiny as physical security. You wouldn’t let anybody walk into your office, so why should your IT networks be the same?

Is the supply chain particularly vulnerable?

The supply chain is absolutely vulnerable to cyber-attack. We have observed a broadening in motives behind cyber-threat activity. Some hackers and advanced persistent threat groups (APTs) are motivated by money, leading to ransomware attacks and other banking scams, whereas others may be motivated by geo-political tensions or even a desire to cause chaos.

The supply chain industry has proven to be of particular significance during the COVID-19 pandemic, which makes it an attractive target for cybercriminals with a range of motives. In the case of ransomware, supply chain firms simply cannot afford for their systems to be compromised for even a short period of time, meaning they are potentially more likely to pay out the ransom to minimise further economic loss.

Likewise, for state-backed hackers, supply chain disruption can be a powerful weapon in slowing international trade and crippling local businesses, services and infrastructure.

Have we got more information on who cyber attackers are? Smart criminals? State actors? Anarchists?

Just as motives for cyber-attacks have broadened, so has the source of criminal activity online. It is safe to say the vast majority of cyber attackers are linked to APTs and criminal organisations that profit off activities such as ransomware and the sale of sensitive information to other criminal organisations.

What key measures should industry be taking?

A zero-trust approach to cybersecurity should be top of the list of priorities for organisations seeking to best protect assets and staff. Achieving full effectiveness with zero trust starts with ensuring identities of every user are constantly verified and updated accordingly. This means including identity governance controls for roles, entitlements, separation of duties (SoD) policies, and risk.

Further, a recent IBM study shows that companies that utilise AI, machine learning and analytics in their security processes are able to respond to data breaches 27 per cent faster than their non-automated peers. When we consider the average response time for companies without these measures is 74 days, it is clear that automated security is key to maximising protection against cybercriminals.

Where are key points of vulnerability?

Supply chain firms must understand that every endpoint, that is, any device connected to the network, whether it be a phone, laptop or even a smart fridge, is a potential back door for hackers. This means that it is critical to ensure that every device connected to the network is accounted for and monitored to ensure they aren’t compromised.

However, the number one point of vulnerability for any business is the human factor. If there is one thing hackers love to exploit it is human error, particularly weak passwords and our propensity to click on phishing emails. This means that cybercriminals will often resort to targeting individual employees if they wish to attack a particular organisation. This is why a zero-trust security approach achieved with identity governance is so crucial, because often, through no deliberate fault of their own, employees can easily become the weakest link in the cybersecurity chain.

For supply chain firms that may hire multiple casual workers or contractors, this means it is so important that the online identities of these workers are managed to ensure that if they do become compromised, they still cannot access everything within the network.

How has COVID-19 affected supply chain cyber vulnerability?

COVID-19 has changed the way we work and has unfortunately made it harder for IT teams to control online workplace environments. Working from home makes it nearly impossible to sanitise business IT assets from personal devices. This has exponentially increased the number of endpoints that can potentially be exploited by hackers. The only way these vulnerabilities can be rectified is through the adoption of security and identity strategies that trust no one with their own IT environments.

Likewise, the boom in e-commerce due to social distancing measures has meant that the supply chain has become more critical in supporting business than ever before. This makes the supply chain more of a target for cybercriminals that wish to cause disruption or leverage consumer demand for their own financial gain through criminal tactics such as ransomware.

Terry Burgess, vice president, Asia Pacific and Japan – SailPoint