Solving the supply chain attack challenge
Let's start by better understanding supply chain attacks. They are a significant threat that organisations face today. Cybercriminals can infiltrate an organisation through vulnerabilities in its supply chain. This might involve compromising software updates, third-party vendors, or other connected systems to gain access to the primary target's network.
Recently we've seen the NHS become another victim of a supply chain cyber-attack, and witnessed the significant consequences this can have on critical health services.
Synnovis, a provider of pathology services to multiple London hospitals, was the victim of a ransomware breach. Despite well-made government plans, this won't be the last NHS-related cyber breach, given the vast supply chain the NHS is critically dependent upon.
Such attacks highlight the need for robust security measures that go beyond protecting only the primary systems. National guidance has been issued in response to the heightened risk.
Cloud-based data breaches
High-profile supply chain attacks this year have targeted Ticketmaster and Santander, impacting hundreds of millions of individuals worldwide. Both relate to a third-party Snowflake cloud data breach.
Snowflake is a leading cloud-based data warehousing service provider, enabling the storage, processing, and analysis of large volumes of data, seamlessly. Their platform supports data integration, business intelligence, and advanced analytics, providing a scalable and flexible solution for data management needs. They have a significant global customer base embedded within the supply chain of many household names.
We spoke to QA's Practice Director for Cyber Security, Richard Beck, about the extent of the risk. He believes "this has a long way to run, given the size of this customer base and overlapping vulnerabilities in the supply chain".
Supply chain users are consistently targeted by cyberattacks known as "credential stuffing", an identity-based attack. These involve cybercriminals using stolen login details, such as usernames and passwords, obtained from data breaches. They then try these credentials across multiple platforms, taking advantage of the fact that many people reuse the same passwords for different accounts. Crucially, accounts that have failed to enable multi-factor authentication are the most vulnerable.
This has prompted the Australian government to issue a stark cyber-attack warning, and Snowflake itself released guidance to its customers to mitigate the risk.
Credential stuffing is particularly effective because it can be automated, allowing attackers to try thousands of login combinations rapidly. Once they gain access, attackers can steal or ransom data, access internal systems, and even withdraw money from accounts.
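The pattern described above (one source trying many different usernames, most of them failing) can be picked out of login records. The following is an added example, not code from this article or from any vendor; the log format, field names and thresholds are assumptions, and the sample events are constructed.

```python
from collections import defaultdict

# Constructed sample (not real data): epoch-seconds source-IP username ok|fail MFA yes|no
SAMPLE_LOG = """\
1000 203.0.113.7 alice fail no
1002 203.0.113.7 bob fail no
1003 203.0.113.7 carol fail no
1005 203.0.113.7 dave fail no
1006 203.0.113.7 erin ok no
1008 203.0.113.7 frank fail no
1010 198.51.100.20 alice fail no
1030 198.51.100.20 alice fail no
1060 198.51.100.20 alice ok yes
1100 192.0.2.44 grace ok yes
"""

# Assumed thresholds; tune against your own login baseline.
WINDOW_S = 60         # sliding window length in seconds
MIN_USERS = 5         # distinct usernames tried from one source in the window
MIN_FAIL_RATIO = 0.7  # share of attempts in the window that failed

def parse(log):
    """Yield (ts, ip, user, succeeded, mfa_done) tuples from the log text."""
    for line in filter(str.strip, log.splitlines()):
        ts, ip, user, result, mfa = line.split()
        yield int(ts), ip, user, result == "ok", mfa == "yes"

def detect(log):
    """Flag sources with the many-usernames, mostly-failing pattern and list
    accounts that logged in from them with a password only (no MFA)."""
    by_ip = defaultdict(list)
    for event in parse(log):
        by_ip[event[1]].append(event)
    findings = {}
    for ip, events in by_ip.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > WINDOW_S:
                start += 1
            window = events[start:end + 1]
            fails = sum(1 for e in window if not e[3])
            if (len({e[2] for e in window}) >= MIN_USERS
                    and fails / len(window) >= MIN_FAIL_RATIO):
                findings[ip] = {
                    "distinct_users": len({e[2] for e in events}),
                    "exposed_accounts": sorted({e[2] for e in events if e[3] and not e[4]}),
                }
                break
    return findings
```

Calling `detect(SAMPLE_LOG)` flags only the first source; the user who mistyped a password twice before succeeding with MFA is not flagged, and the account listed as exposed is the one that had no MFA.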
Four steps to mitigate identity-based attacks
Richard is here with his expert advice, offering four key steps to ensure your organisation isn't the next victim of an identity-based cyber attack:
- Enable Multi-Factor Authentication (MFA): MFA requires users to provide two or more verification factors to gain access, making it harder for attackers to succeed even if they have the correct password. Richard highlights, "it really is a no-brainer and incredibly simple to mandate, including in cloud and third-party services".
- Use Strong Passwords: Encouraging users to create unique passwords, using best practice, for different accounts reduces the risk of credential reuse. Don't recycle passwords! Investigate password rotation options for API-driven supply chain services.
- Conduct Regular Security Training: Educate employees and users about the latest cyber threats and best practices. Ensure continuous education on emerging threats and provide relevant security skills to your defenders.
- Implement Zero Trust Security: This approach assumes that threats could come from both outside and within the enterprise and wider supply chain. It continuously verifies every user and device trying to access systems, non-human identities, and services.
The take-away
Credential stuffing identity breaches and supply chain attacks are serious threats that require proactive and robust security measures.
Richard asserts that "there are no good reasons for not mandating MFA, encrypting your data, initiating robust password policies, and implementing Zero Trust security, organisations can better protect their data, services, and systems from these evolving threats".
By fundamentally changing the security paradigm to "never trust, always verify," Zero Trust significantly enhances the ability to detect, prevent, and respond to supply chain attacks. Zero Trust skills enable organisations to understand and implement Zero Trust principles into business planning, enterprise architectures, and technology deployments throughout the supply chain.
"Adopting a Zero Trust security model is no longer a choice" according to Richard, "but an urgent imperative for organisations. In an era where cyber threats are increasingly sophisticated and pervasive, traditional perimeter-based defences are inadequate".
Zero Trust takes things a step further by expecting threats both inside and outside your organisation and supply chain. It therefore requires continuous verification every step of the way. With this proactive stance, you can reduce risk and safeguard against persistent ransomware attacks, including identity breaches and supply chain compromises.
Ready to level up your cyber precautions? Check out our industry-first, technology-agnostic Zero Trust Training.