What is a Supply Chain Attack?
In supply chain attacks, cybercriminals target vulnerabilities at companies within a larger organization’s supply chain and then use access to that supplier’s network to infiltrate the larger organization or other business partners. These attacks can take many forms, all of which exploit the growing complexity of connections among companies’ partners, suppliers and customers.
How do Supply Chain Cyber Attacks work?
Supply chain attacks often work in roughly the following way: a hacker group crafts a phishing email purported to come from a trusted partner but containing a malicious URL. The email may leverage the services of legitimate cloud or email providers, making it look more authentic. When clicked, the malicious URL might install a backdoor into the recipient’s network, giving the threat actors a beachhead for wider attacks against the recipient’s own systems and its entire supply chain.
Why is Supply Chain Security Important?
Cybercriminals have recognized that the complexity of modern supply chains makes them vulnerable and potentially attractive targets. It’s easier for companies to secure their own organizations than that of their business partners, suppliers and customers, any of which may require occasional access to the company’s corporate network. As organizations rely ever more on connections to external providers – and to third party services, delivered via the cloud – they become more vulnerable to attacks that seek to breach their networks or those of their partners.
What are the Best Practices for Supply Chain Cyber Security?
As with most forms of cybersecurity, safeguarding against supply chain attacks involves understanding your business’s primary risks and addressing them through layered defenses encompassing people, process and technology. Organizations can audit supply chain partners’ security systems, helping to mitigate risks arising when both parties share access to business systems. Further, inbound supply chain phishing attacks can be limited through deeper inspection of email content and more effective employee security awareness training. Wider use of DMARC can help organizations resist more attacks that spoof their own identities.