Glen Maloney from ExtraHop highlights the need to buttress security protocols across the supply chain.
Already under pressure as a result of pandemic-related disruptions, global technology supply chains are facing increasing threats of cyber attack.
During 2020, high-profile incidents such as the SolarWinds SUNBURST supply chain attack and the ransomware attack on Kaseya showed how disruptive a supply chain attack can be.
The attacks were also clear evidence of the urgent need for IT security teams to locate infrastructure blind spots and close off supply chain vulnerabilities.
Assess your suppliers
Having a thorough knowledge of your key technology suppliers is vital when it comes to warding off supply chain attacks. To ensure the security tools you have in place can be effective, it’s important to know whether those suppliers are asynchronous, synchronous, or a technology or service provider.
Synchronous suppliers are often preferred within supply chains. They provide a vibrant and connected ecosystem where information can be collected, analysed and utilised in real-time.
However, while this can deliver accurate visibility, such an ecosystem can also be highly dangerous because it is connected to core applications within the infrastructure. For example, large organisations such as banks often have extranets and demilitarised zones (DMZ) where they exchange valuable data with third-party partners. This introduces additional risk if these zones are connected to other critical systems.
Synchronous supply chain areas need to be segmented so that only the exposed parts of the network are visible, without enabling access to critical systems that the zones don’t need. This will significantly reduce risk and close what might have been a wide-open door to cyber criminals.
Asynchronous suppliers, where there is space to share information via emails or collaboration tools in a shared and synchronous zone, limit the wider network exposure but continue to pose some risks. This risk is limited, as internal IT systems aren’t connected; however, these zones are prime channels for phishing emails and malware in documents.
It should also be remembered that risk differs between technology partners and service providers. Companies devote hours to ensuring they pick the right technology partner, a choice in which security needs to be a key consideration.
If a technology partner doesn’t have security processes in place to match the rest of the supply chain, it quickly becomes the weakest link and thus the most attractive target for cyber attackers. At the same time, it’s important that service providers within the supply chain are regularly updated to resolve lurking vulnerabilities and maintain a strong security posture.
Aim for balance
When assessing suppliers, it’s important to agree on similar systems and standards, especially when it comes to data exchange and core infrastructure. Every organisation has its own proprietary way of operating; however, it’s vital there are common standards across suppliers to minimise friction.
Another area of concern is the different levels of risk assessment that will sit across the supply chain. Agreement on the minimum viable security posture is critical, and even more pressing is making sure suppliers implement this security posture.
All sides of the business will need to align on both when and how to implement security measures. When it comes to partners, they should frequently test and audit shared IT infrastructure to uncover any potential vulnerabilities or leaks.
Previous supply chain attacks serve as a stark reminder that vendors and suppliers should check their IT systems often and never assume that certain controls are in place.
Minimum steps are never enough
Securing your supply chain doesn’t stop with agreement on standards. Significant resources also need to be allocated toward maintaining the chain from start to finish.
Unfortunately, if the reviews undertaken are not rigorous enough to be effective, this will have major repercussions in the future. The threat is dynamic and security teams need to be outpacing cyber criminals. It can be worth ranking suppliers on how critical they are and what risk they could pose.
Also, if there’s limited visibility into a key supplier’s infrastructure, security professionals need to plan for worst-case scenarios such as supply chain leaks or backdoors. This practice is common for internal risks, but less common for external suppliers.
Having network detection and response tools in place to track and record all network activity can prove vital to preventing or eliminating a supply chain attack. A full picture of movement within the network enables quick action to uncover attacks, understand the current extent of damage and rapidly remediate vulnerabilities to stop and prevent further damage.
It's clear that supply chain attacks are growing in both number and sophistication. By taking these recommended steps today, you can significantly reduce the chance of your organisation becoming a victim tomorrow.
Glen Maloney is the ANZ regional sales manager at ExtraHop.