Top 5 things to know about supply chain attacks

3 years ago 394

Worried about supply chain attacks? Tom Merritt can help you understand your risk.

Whether its Stuxnet, SolarWinds or Microsoft Exchange, chances are you've read about supply chain attacks. But, hey, you follow all the security procedures right? You're not going to get targeted, right? Hmm.

Here are five things to know about supply chain attacks.

  1. It doesn't target you. It targets your suppliers. Hence the name. You trust your suppliers so you let them in your network. At its base, a supply chain attack looks for a weak link in the companies that deliver you services and attempts to get into your network through them.
  2. It can affect almost any industry. Financial, energy, manufacturing, transportation. Any business that uses services and makes money could be a target of a supply chain attack.
  3. It may or may not involve either hardware or the internet. Most of top of mind is Solar Winds, of course, where that company was breached and then multiple clients who used Solar Winds software were breached. It used to be more associated with hardware attacks, like installing rootlets on electronics in the factory. Although technically if you contract to a warehouse to guard your goods, and that warehouse gets robbed, it's a supply chain attack.
  4. Open source is a target. Attackers often try to compromise open source development or distribution to gain a foothold into companies. Thankfully, the number of eyes on open source software helps defend against these attacks but that won't stop the bad guys from trying. So, be one of the contributors helping keep it secure.
  5. You have a lot of ways to defend yourself. Even though you're not in charge of the vulnerability in this case, you have options. Make sure your vendors meet tough security standards and agree to third-party testing. And there are multiple ways to defend within your network and scan for malicious activity.

Supply chain attacks are not new but they also aren't going away. Gone are the days of buying cheap software and not worrying about it.

Subscribe to TechRepublic Top 5 on YouTube for all the latest tech advice for business pros from Tom Merritt.

Cybersecurity Insider Newsletter

Strengthen your organization's IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices. Delivered Tuesdays and Thursdays

Sign up today

Also see

supply-chain.jpg

Image: Travel mania/Shutterstock

Read Entire Article