Worried about supply chain attacks? Tom Merritt can help you understand your risk.
Whether its Stuxnet, SolarWinds or Microsoft Exchange, chances are you've read about supply chain attacks. But, hey, you follow all the security procedures right? You're not going to get targeted, right? Hmm.
Here are five things to know about supply chain attacks.
- It doesn't target you. It targets your suppliers. Hence the name. You trust your suppliers so you let them in your network. At its base, a supply chain attack looks for a weak link in the companies that deliver you services and attempts to get into your network through them.
- It can affect almost any industry. Financial, energy, manufacturing, transportation. Any business that uses services and makes money could be a target of a supply chain attack.
- It may or may not involve either hardware or the internet. Most of top of mind is Solar Winds, of course, where that company was breached and then multiple clients who used Solar Winds software were breached. It used to be more associated with hardware attacks, like installing rootlets on electronics in the factory. Although technically if you contract to a warehouse to guard your goods, and that warehouse gets robbed, it's a supply chain attack.
- Open source is a target. Attackers often try to compromise open source development or distribution to gain a foothold into companies. Thankfully, the number of eyes on open source software helps defend against these attacks but that won't stop the bad guys from trying. So, be one of the contributors helping keep it secure.
- You have a lot of ways to defend yourself. Even though you're not in charge of the vulnerability in this case, you have options. Make sure your vendors meet tough security standards and agree to third-party testing. And there are multiple ways to defend within your network and scan for malicious activity.
Supply chain attacks are not new but they also aren't going away. Gone are the days of buying cheap software and not worrying about it.
Subscribe to TechRepublic Top 5 on YouTube for all the latest tech advice for business pros from Tom Merritt.
Cybersecurity Insider Newsletter
Strengthen your organization's IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices. Delivered Tuesdays and Thursdays
Sign up todayAlso see
- Working at a safe distance, safely: Remote work at industrial sites brings extra cyber risk (TechRepublic)
- Cybersecurity: Don't blame employees—make them feel like part of the solution (TechRepublic)
- How to become a cybersecurity pro: A cheat sheet (TechRepublic)
- Security threats on the horizon: What IT pro's need to know (free PDF) (TechRepublic)
- Checklist: Securing digital information (TechRepublic Premium)
- Online security 101: Tips for protecting your privacy from hackers and spies (ZDNet)
- Cybersecurity and cyberwar: More must-read coverage (TechRepublic on Flipboard)