As organizations adapt to a changing working environment, attackers have been taking advantage of vulnerabilities at an ever-increasing rate. Most attackers will go for the weakest link in a company, such as untrained employees or APIs, but some recent security incidents have involved supply chain attacks, which deploy from within trusted servers or software. To protect themselves and ensure continued recovery, companies need to focus their efforts on improving security practices and patching weaknesses.
The Growing Supply Chain Risk
The most pressing issue for any company is data security. Recent attacks on organizations like Kaseya and SolarWinds have involved software vulnerabilities and malware that enabled a supply chain attack. These attacks are challenging to control because once malware gets inside a vendor’s trusted software, it is pushed out to multiple other organizations via an update, software, or hardware. Once security is compromised, eliminating the malware can be extremely difficult because so many users have received it.
Certain conditions make some companies more vulnerable than others to a supply chain attack. An organization that uses third-party applications and software could experience an incident due to a supply chain attack on the vendor. Large vendors themselves are especially vulnerable to attack. They have multiple weak links and large distribution networks, which make them enticing targets. If that vendor serves government organizations, as SolarWinds did at the time it was attacked, that may make it even more attractive.
In the case of SolarWinds, a supply chain attack began when malicious actors (allegedly Russian operatives) inserted malware into company servers and Orion software updates. Once SolarWinds sent out a software update, every user who downloaded that update also downloaded the malicious code to their machines. This resulted in substantial amounts of compromised data for up to 18,000 users.
SolarWinds is not the only large vendor to experience a supply chain attack in the last few years. In 2021 Kaseya also experienced a supply chain attack wherein malware infected their servers. Because multiple clients received data from the same server and were not isolated from one another, the attackers were able to send that malware to the clients. This turned out to be REvil ransomware, which encrypted users’ files until they paid the required amount of bitcoins to the attackers.
While attacks on private companies can be very profitable, the Log4j attacks took another angle: open-source software. By exploiting vulnerabilities in Apache Log4j, hackers were able to bypass security protocols in everything from Minecraft to Twitter. They had access to users’ data, passwords, and other sensitive information.
Given the successes of these attacks, supply chain attacks aren’t going anywhere.
Most Companies Suffer Supply Chain Breaches
Approximately 25,000 user accounts are affected in a typical security incident, and the Ponemon Institute and IBM report that a typical data breach in the United States costs a company around $8 million. Additionally, according to Infosecurity, 98% of global organizations have suffered a supply chain attack at some point, and these attacks tripled between 2020 and 2021. With this in mind, the question security professionals should be asking is not what to do if their company is attacked, but rather what to do when their company is attacked. Any company could be attacked at any time.
Because attackers typically use a single vector to mass-distribute malware, it can be difficult to track down exactly who is affected. Infosecurity reports that 42% of companies that discover an issue never know whether the issue was resolved, and only 3% of companies regularly monitor their supply chain. To respond better to supply chain attacks, companies need to strengthen their security postures with improved monitoring and data protection.
Securing Sensitive Data Against Supply Chain Exploits
Following security best practices can improve an organization’s ability to protect user data. Restricting access to data is a good first step. By limiting access to data to only authorized users or people who actively use that data, companies can reduce the number of access points to that data, thus limiting potential attack vectors. This also narrows the pool of potential vulnerabilities as authorized users would need to identify themselves before accessing the data. It is also useful to encrypt data as much as possible.
Managing data effectively is also important for security. Regular risk assessments and data discovery, classification, and masking are useful for understanding how you use data, and what data is at risk or how an attacker might access it. Regular, functioning data backups are imperative to an incident response plan as having a backup (preferably one isolated from your environment, such as a cloud solution or a physical backup kept at a separate location) can reduce the impact of a ransomware attack. There’s no need to ransom data when there’s an easily restorable copy available.
By staying on top of security protocols and data management, organizations can mitigate the risks of a supply chain attack. Although these attacks aren’t going anywhere and are very likely to strike a company, there are ways to minimize the damage and keep response times short. Short response time equals less downtime, and that puts companies in a better position to protect their revenues and reputation.