Does your business use third-party vendors? Most do, which is why it’s important to learn about supply chain attacks. They’ve become a major cyber risk over the past few years, and one CISO study found 80% of organisations have had a breach that was caused by one of their vendors in the past 12 months alone. These breaches make hackers’ jobs easier, and can often lead to phishing, malware and data loss.
As a business owner or operator, you want to prevent that from happening. We asked the experts at ESET to explain how to strengthen your supply chain cybersecurity and find any “weak links,” and they had some great tips.
What’s a supply chain attack?
In simple terms, a supply chain attack occurs when a hacker taps into your system through a partner or provider you work with. Also known as a value chain or third-party attack, it mostly happens when companies give their vendors access to a) their systems or b) their data so they can carry out their work.
The problem? Since we conduct so much business online, suppliers tend to touch sensitive data more than they used to. Plus, supply chains can be long and complex, which gives hackers plenty of opportunities to try and gain access.
Supply chain cyber security threats are becoming more and more common, and there are so many examples of how they play out. For instance, Target leaked 40 million debit and credit card numbers back in 2013, and traced that catastrophic breach back to one of their air conditioning contractors who had lax cybersecurity. Closer to home, Domino’s Australia had a partner who leaked customer names and email addresses in 2014.
3 ways to prevent supply chain attacks
Luckily, there are a few things you can do to tighten up your digital ecosystem and boost your cyber supply chain risk management.
#1 Assess your ecosystem
The first step is looking at all of your contractors and vendors and thinking about who might be a good target or “in” for hackers. Be honest and open with your partners, and explain that you’re conducting a supply chain attack assessment to identify any weaknesses and protect all parties involved.
As part of this, ask each partner about their cybersecurity policies and practices (like multi-factor authentication), as well as any regulations and compliance requirements in their industry. While you’re at it, confirm the best team to contact in case of a supply chain attack (like the IT department), and emphasise that they’ll need to create a contingency plan. Chances are, your biggest suppliers will already follow best practices in cyber supply chain risk management — but the smaller ones may not.
By raising these important questions, you’ll not only have a better understanding of your partners’ commitment to cybersecurity, but you’ll also be able to spring into action if they do fall victim to a supply chain attack.
Many organisations are starting to add security provisions to their service contracts. If you rely on third-party vendors, it’s worth considering this as it adds another layer of protection for your company.
#2 Suggest an external test
Along with asking partners to run an internal assessment, it’s a good idea to enlist the help of a penetration tester or “ethical hacker.” Basically, these professionals try to hack into a company’s system or data the same way a cybercriminal would.
They’re well-versed in the tricks and techniques hackers use to launch an attack, and they can be useful in identifying any cybersecurity gaps (or gaping holes!). Knowledge is power, and if your partners know there’s a problem, they can patch it up sooner.
#3 Install antivirus software
One of the best ways to defend your “castle” is by installing sophisticated antivirus and anti-theft software on all company devices. ESET Secure Business offers a multi-layered defence against a range of cyberattacks to keep your company — and data — safe. Along with offering malware, ransomware and identity theft protection, it also has a remote security management feature, which is handy if you have employees working from home.
The ESET Threat Intelligence Service is another excellent resource for businesses in the fight against supply chain attacks. It helps to detect advanced threats in your organisation as well as the global cyberspace, and block targeted attacks.
Look into internet security for businesses today
Supply chain attacks aren’t new, but they’re happening more often as companies rely on digital networks and third parties to get the job done. These three steps will go a long way in protecting your business, but feel free to contact ESET if you have any questions!