Unveiling the unseen: Safeguarding your supply chain from stealthy hackers
Successful operational networks can take years to source, establish and perfect. Built upon trust and communication, it can provide the connected businesses a competitive advantage, and an efficient way to bring products to market.
Within the fundamentals of any good supply chain – strategy, service and cost – where do you factor in IT security?
Do you factor it in at all?
As supply chains become more integrated and digitalised – how do you protect the data of your business, as well as the other businesses in your network?
According to the Cyber Security Breaches Survey 2023 just over one in ten businesses say they review the risks posed by their immediate suppliers (13%). Medium businesses (27%) and large businesses (55%) review immediate supplier risks. The latter result is up from 44% of large businesses in 2022.
It’s abundantly clear that attitudes and priorities (particularly in smaller businesses) need to be changed to minimise this significant gap in security.
Cyber criminals are opportunists and will take advantage of any weaknesses in a supply chain. Smaller third-party companies can be easier to break into than bigger companies. So if hackers can gain access undetected, they will move their way up stream, to the bigger links in the chain.
Recent news has revealed that this week British Airways, Boots, and the BBC have launched investigations into the suspected theft of employee personal information following cyber attacks attributed to a criminal group with links to Russia.
Confirming its involvement in the breach, British Airways acknowledged being targeted by the hack that specifically aimed at exploiting MOVEit Transfer, a payroll provider’s software utilised by Zellis.
The criminal group, Clop, have issued an ultimatum that if their demands are not met, stolen payroll details will be posted online, including staff names, addresses, National Insurance numbers and bank details.
A chain of supply can be complex.
So finding harmony between limiting potential exposure, but also enabling enough links to conduct business operations, is the tricky part.
Factoring in what your supplier’s security looks like, is key, as well as communication about what your expectations of security are.
Every part of the chain needs to have an awareness and importance around security, and a way to report any incidents.
But it shouldn’t stop there.
Regular monitoring and continuous improvement are also invaluable.
Increase monitoring from security information and event management (SIEM) tools, and implement remediations from any critical alerts.
Another thing to consider is ‘user behaviour’. There is nowhere to hide from the fact that 95% of security breaches are attributable to human error. Therefore, establishing good training, policies and practices, like choosing strong passwords, multi-factor authentication, or biometrics and hardware certificates – are critical.
Many of the attacks that are successful begin with an employee clicking on something they should not have, or failing to follow security protocols. It is unfortunately true that mistakes will happen and that breaches will occur.
This fuels the argument for adopting zero trust network access. This approach assumes the network is hostile and each access request is verified. Every file or data is only accessible after the connection request is scrutinised and access has been granted.
Most standard cyber defences, such as firewalls and malware protection, serve to secure the systems from external attack. Anti-virus is used by most companies and is effective against known threats, but is increasingly inadequate against the growing sophistication of criminals.
Adapting to a continually evolving threat landscape is a huge challenge for security professionals. There are examples where even multi-million pound security budgets have failed to prevent data breaches. It is no longer a case of ‘if’ your cyber defences will get breached, but ‘when’.
Rapid threat detection is key.
Trusted Cloud detects hacking attempts in seconds.
Working in collaboration with the University of Oxford, CyberHive broke new ground in the cyber security space with Trusted Cloud – an innovative technology that secures hardware through advanced cryptography to protect your data.
The award-winning solution works to detect breaches in real time, which is invaluable within a highly integrated digital supply chain, where you don’t necessarily know the security posture of your partners.
Attacks that could potentially go unnoticed for months by other leading security technologies, but with Trusted Cloud, would be flagged in seconds, ensuring that no unauthorised code can run undetected throughout your entire server estate.
For more information on how CyberHive Trusted Cloud can tip the balance in your favour, contact – [email protected]
Get in touch
If you have a question or would like some more information, contact us today.