Attacks on the supply chain can yield a high return on investment for cybercriminals and Gartner predicts that by 2025, 45% of organisations worldwide will have experienced attacks on their software supply chains, a threefold increase from 2021. In fact, with the global software supply chain becoming increasingly interconnected, Gartner has identified digital supply chain risk as one of its top seven security and risk management trends for 2022.
Last year, cyber threats on global supply chains were very much in the spotlight following the unprecedented attacks on Colonial Pipeline, Kaseya, Gitlab, JBS, and SolarWinds, all of which had far-reaching consequences for businesses and customers down the entire chain.
Supply chain attackers in 2022 will take full advantage of a global lack of monitoring across the chain. Bad actors increasingly view software and developer infrastructure, platforms, and providers as entry vectors into organisations, governments, and critical infrastructure. For example, the November 2021 FBI account takeover was achieved via a phishing email from a hijacked trusted supplier account.
IBM’s 2022 X-Force Threat Intelligence Index reveals how last year, ransomware actors attempted to "fracture" the backbone of global supply chains with attacks on manufacturing, which became 2021's most attacked industry (23%), overtaking even financial services. As Charles Henderson, Head of IBM X-Force, said, "Cybercriminals usually chase the money. Now with ransomware they are chasing leverage." Even security vendors can be targets. High-profile cybersecurity vendors FireEye, Microsoft and Malwarebytes all fell victim to SolarWinds, for example.
May 2021 saw two momentous cyber-attacks on supply chains. One forced Colonial Pipeline to suspend all operations for the first time in its history. This caused an immediate disruption in the entire nation’s fuel supply along the Eastern Seaboard, and shortages and spikes in the price of gas. Another ransomware attack forced JBS to temporarily shutter its U.S. facilities, which supply 23% of US beef.
According to various sources, the perpetrators (REvil and DarkSide) both have ties to Russia, and according to the New York Department of Financial Services, the SolarWinds attack was also attributed to a sophisticated cyber campaign by Russian Foreign Intelligence Services actors.
The increase in remote and hybrid working has dramatically expanded the attack surface for all organisations, across all industries. Although larger companies may be equipped to cope with this, smaller companies are already struggling – and those smaller companies are often part of the supply chain of the larger corporations.
Although a ‘cyber conflict’ has been growing over the years between Russia and Ukraine – with attacks on Ukrainian infrastructure including state institutions, government websites and power grids – since the Russian invasion, the number of cyber-attacks on Ukrainian organisations has risen sharply, and they have begun to affect other countries through partnerships and supply chains.
Various Government officials are warning organisations to prepare for an increase in cyber-attacks on businesses and critical infrastructure. One gang of cybercriminals known as “Conti” – who have publicly supported Russia in cyber warfare – were revealed in a recent report by the U.S. Department of Health & Human Services (HHS) to have historically targeted U.S. health care organisations with ransomware attacks designed to encrypt systems and steal information.
The NHS, for example, is examining the resilience and flexibility of its supply chains, because it is a prime example of a multinational organisation comprised of fragmented trusts, with different budgets and different security measures (or lack thereof). No one knows how protected the other links in the chain are.
In 2017, Kremlin-backed hackers launched the NotPetya attack, one of the largest and most damaging cyber-attacks the world has ever seen. It impacted thousands of unrelated companies across the globe, paralysed US and European supply chains, and inflicted $10 billion worth of indiscriminate economic damage.
Victims included Maersk, the world’s largest shipping line, whose computer networks were shut down for two weeks, leaving their fleet of container ships unable to accept new bookings, bringing activity at 17 ports to a halt, and causing an estimated $300 million in economic damage. FedEx’s European subsidiary, TNT Express, was also among the victims. It lost $400 million when its European shipments were paralysed.
Security officials are concerned that Russian hackers may directly target key European and US companies in retaliation for economic sanctions, and the US Cybersecurity and Infrastructure Security Agency (CISA) is warning US businesses to brace for the consequences. However, there is now very little slack in the world’s supply chains to be able to withstand such attacks.
One particularly dangerous common cyber threat is keylogging, still incredibly effective in stealing confidential information such as usernames and passwords and sending them to malicious actors – along with other information that identifies further areas of weakness to other threats. Keyloggers do not disrupt device functionality, so often go unnoticed for long periods of time.
How can IT teams protect their organisations from increasingly weak links in the supply chain and threats such as keylogging, in this new era of heightened risk, BYOD programs, remote working and ever-increasing numbers of unmanaged devices?
Organisations must adopt a “Zero Trust” approach and prepare for inevitable breaches in the supply chain. They must shift their focus from just their own cyber resilience to the cyber resilience of their critical vendors and third-party service providers too. However trusted and longstanding those relationships are, they need to be audited and analysed from a cybersecurity standpoint.
Now is the time to review your risk assessment, educate your workforces, and get ahead of future supply chain attacks with threat intelligence and proactive security. In 2022, businesses must think beyond endpoint security – by securely isolating sensitive data and applications, including protections at kernel level.
SentryBay has pioneered a layered, shielded approach to data and endpoint security for the enterprise – a unique combination of application confinement, kernel level anti-keylogging, screen capture and DLL-injection protection, that helps enterprises achieve low-cost deployment, full regulatory compliance, and protects remote employees, suppliers, and anyone else you want to connect to your corporate network.
There is an increasing sense of urgency this year. The NHS has warned hospitals to bolster their cyber security defences and check the resilience of their supply chains in light of the war in Ukraine. The UK’s Financial Conduct Authority (FCA) advised banks to strengthen their defences against such attacks and the National Cyber Security Centre (NCSC) has warned organisations to “bolster their cyber security resilience in response to malicious cyber incidents in and around Ukraine.”
In fact, Gartner predicts that by 2025, 60% of organisations will use cybersecurity risk as a primary determinant in conducting third-party transactions and business engagements.
Find out more about our new relationship with Stratodesk, where we provide an additional layer of protection both on managed and unmanaged devices. Also, about our Armored Client achieving VMware Ready™ status.
Download our latest white paper to learn more about how to deliver BYOD in a zero trust framework.