Cyberattacks have become so common in today’s world that they are part of the cost of doing business. However, what happens when your partners and collaborators make you a target?
Almost every day there is public news of organizations that have been victimized by a cyberattack, and those are only the ones that are publicly known. It is incredibly hard to arrive at an accurate count of cyberattacks because incidents are underreported.
Supply chain cyberattacks are growing more common. A supply chain attack occurs when a trusted but poorly secured organization is compromised in order to gain access to its larger partners. This means that smaller companies are now targeted as a way into their clients or partners. Organizations that, perhaps five years ago, did not have to worry about being targets now have a target on their backs. According to CrowdStrike 2021 statistics, supply chain attacks could become one of the biggest cyber threats. In 2021, supply chain attacks rose by 430%, because as organizations secure their infrastructure, the human factor is often ignored.
Supply chain attacks are possible in part because of human relationships and interconnectivity. These relationships with external organizations can put you at risk even though you are not what one would consider an interesting target. You become an easy and interesting target because of your relationships with clients, suppliers, and third-party vendors. Thus, in the end, you can become a stepping stone on the way towards a bigger organization that is the main target. The relationship does not have to be a direct one; it can be several steps removed, and the risk remains the same. For example, a threat actor wants to attack organization C, but organizations B and D are too secure for a technical breach, so perhaps they will begin by attacking organization A, move from there into organization B, and from B reach C. Your organization might only be a pathway to another target, but an opportunity is an opportunity: while they are in your organization, they can cause mayhem to increase their revenue, simply because they can.
With the world shifting to remote work and the increased use of platforms such as Teams, Zoom and Slack, relationships between organizations have also changed. Instead of email, employees communicate on instant messaging platforms. For years, organizations have been vocal about phishing and have increased employee awareness training for phishing email campaigns. Threat actors adapt to these changes. Phishing campaigns can target these networks and exploit these connections. So, now that employees might be more cautious about email, are they as critical of an instant message from colleagues or external partners? Are they as careful about sharing and downloading documents on these platforms? Phishing attacks using Teams and Slack have already begun. Instant messaging is a more intimate form of communication than email, because users have established working relationships with the people they chat with.
Interconnectivity is the Achilles heel of cybersecurity. Overall, interconnectivity has brought convenience to professional lives, such as working from home; however, it has also given threat actors the opportunity to access an entire infrastructure from a distance. One way to understand the concerns with interconnectivity is to think of it as an amusement park. Once you have entered the park, you can walk around and go on almost all the rides, but you might need a higher status to get on the special ones. There are numerous possible entry points into an infrastructure, whether through vulnerability exploits or social engineering (phishing, drops or other methods). Once threat actors have breached the organization, they can roam the infrastructure, searching for their desired end goal. If what they are searching for is restricted, they will look to elevate their privileges to access the data. Interconnectivity can also be used in supply chain attacks: a threat actor could use the usurped identity to send a spear-phishing message to the bigger target from within the first company. If the spear-phishing attack is successful, the threat actors can roam the target infrastructure and perform the desired attack.
You may wonder how this could happen to your organization. Here are some factors to consider: have you vetted your clients, suppliers, and third-party vendors? Have you listed your business relationships on your website? Is your infrastructure secure? Is all of your software up to date? Are you exchanging confidential data over unsecured communication channels? These are factors to consider when discussing cyber risk, to ensure that your organization is as secure as possible. It is important to remember that the risk will never be zero, but there are ways to minimize it.