Weekly Blog

How to Protect Data Against Supply Chain Attacks

Date 6 Jan 2022

No “rational” cyberattacker will ever scoff at the possibility to damage two organizations at once. Now consider a possibility where they can breach hundreds, thousands, or even millions of organizations with the invested efforts of just one! - This is what a supply chain attack presents, an offer that attackers simply can’t refuse.

According to recent reports, 50% of all cyberattacks now target organizational supply chains with the lucrative motive of compromising countless organizations together. This situation has transpired to such an extent that supply chain attacks have grown by 430% in this last year alone.

The recent Kaseya VSA incident is one of these numerous supply chain attacks that had put the security of over 1,500+ SMEs at stake worldwide. The notorious REvil ransomware attackers exploited known vulnerabilities in Kaseya's IT management platform and allegedly cost the market player over $70 million ransomware.  Adding to the horror, not long before, the US had witnessed the stirring SolarWinds supply chain attack in 2020. It shook more than 18000 users, including several key US government agencies.

These recurring compromises of top global players are a stringent reminder that even the most sophisticated security defenses can be breached through legitimate third-party processes. As these supply chain attacks become more sophisticated and prevalent, it is essential that you take the right steps to make your supply chain more secure. 

We have compiled 5 ways to help you do just that. 

Let's start with the basics.

What Is A Supply Chain Attack?

A supply chain to a business is what a pillar is to an upstanding monument - one disruption and you are likely to find yourself in the debris of the collapsed infrastructure.

The supply chain is a pivotal part of any business’s operations. It is a complex network of interconnected players, involved in the creation and sale of a product. When a cybercriminal infiltrates and damages an organization by targeting the less-secure elements of this widespread network, this unfortunate phenomenon is termed a supply chain attack.

Such attacks involve physical tampering with electronics (computers, power systems, ATMs, data networks, etc) to install unidentifiable malware and bring harm to a player or players further down the supply chain network. Vendors and suppliers are typically the primary targets of such attacks because they serve as a direct gateway to infect update servers or development tools, insert code into executables, or replace real packages with fake ones to create a compromise.

Why Are Supply Chain Attacks Increasing?

To get an answer to this question, take any industry into the picture- the financial sector, oil industry, government, anything- you will notice most vendors have direct (user account) access to the data of their users. Meaning, when a vendor will be breached, its users at the edge will also get indirectly targeted. These users include partners, clients, and their respective users as well - the numbers on this web could very well go up to millions. 

Emitting light on the spider web effect of a supply chain attack, the most obvious reason for its popularity is the far greater rewards for an awful lot less work.

How To Protect Data Against Supply Chain Attacks

The best answer is, by strengthening supply chain security. 

Supply chain security focuses on the risk management of external suppliers, vendors, logistics, and transportation. The goal of supply chain security solutions is to identify, analyze and mitigate risks involved in working with these other organizations. 

Here are the top 5 strategies to Protect Data Against Supply Chain Attacks by strengthening your supply chain security -

Establish protective layers

In this cyberwarfare, being prone to a data breach is inevitable. And in a situation where an attack may arise, having pre-established cyber-defense layers across all vulnerable attack vectors in your organization i.e;  the people, processes, and technology can prove highly useful. 
Here’s how you can approach these protective layers.

  • Protecting your people - Awareness training is the key to efficient employee protection. Your awareness plan should aim at educating your staff on all parameters of security. This includes company policies, password security, and also social engineering attack methods.  A better understanding of such threats will allow your employees to quicken reactions in case of a possible breach. 
  • Protecting your processes - All Internal processes can be controlled, and hence, protected by introducing Information Security Policies (ISP). ISPs set the boundaries of all approved internal processes. In addition, you can also restrict the access to sensitive resources to only a specific number of trustworthy staff by applying the Principle of Least Privilege (PLOP).
  • Protecting your technology - For best results, multiple layers of defenses should be established around internal technologies. The more layers that are implemented, the fewer chances of a threat to penetrate critical infrastructures.
    Here's are a few parallel technology defenses that you can deploy
    • Antivirus software- Keep your antivirus software up to date and make sure it is well adept at identifying and nullifying the latest threats.
    • Multifactor authentication- Although repetitive, according to Microsoft, multi-factor authentications help block up to 99.9% of automated cybercrime. It can also identify unauthorized access attempts.
    • Implement attack surface monitoring solutions- Along with protecting internal technologies, it is equally or even more important to protect external vendor technologies considering they are the initial targets. 

Prioritize privileged access management (PAM)

Right after countering your system defense, cyber attackers will aim for a PAM combination (people, processes, and technology) to breach your business-critical assets. This privileged attack pathway is extremely common among cybercriminals and has been used to breach multiple US federal government agencies in the past, causing humongous losses.

Securing this privileged access will allow you to completely seal off any unauthorized pathway and activate only those access pathways that are protected and closely monitored. 
Here is how you can implement a secured and protected PAM framework at your organization -

External PAM defenses
You can prevent threats from being introduced into an ecosystem by involving effective threat methodologies in your PAM framework. These include-

  • Educating the staff- It is a misconception that insider threats are always intentional, some malicious activities performed by employees are accidental too. In fact, studies show that over 95% of cybersecurity breaches are caused by human “error”. The most common form of such errors is engaging with email scams/phishing attacks that release malicious codes and steal internal login details. To help your staff not fall prey to such scams, educate them about phishing attacks, ransomware attacks, malware attacks, clickjacking attacks, Social engineering attacks, etc. 
  • Detecting vendor data leaks- Data “leaks” are the unintentional disclosure of sensitive data which, when left unattended could lead to severe supply chain attacks. The most effective way to cater to such leaks before the attackers can move ahead in the breach cycle is by deploying a third-party data leak detection solution.

Internal PAM defenses
Even if the breach has slipped past the external defenses, active internal defenses can still save your data from being compromised. The two most used internal PAM defense strategies include 

  • Implementing and identifying Access management and 
  • Encrypting all internal data using an Advanced Encryption Standard algorithm (AES)

Create an incident response plan

Waiting for an attack to happen is the worst you can do while approaching protection against supply chain attacks. Instead, a full-fledged incident response plan that addresses a whole range of incidents that “could” occur and offers appropriate responses for each case (risk-based) is the ideal way forward. Establish a coordinated approach to managing your supply chain environments and incident response plan to drive a well-synced process. 

The assumption of suppliers handling everything for you will do you no good. If your supplier has an incident response team, it is your responsibility to understand how that team will or will not be integrated into your own. If they do not, you must encourage your third-party suppliers to have an incident response plan in place so they are adept with quick responsive actions that automatically mitigate any potential risk to your organization. 

Regular third-party risk assessments

In the wake of the SolarWinds attack, in particular, organizations need to look at their software suppliers, particularly those with software that has privileged access to company assets- Kelly White, CEO, and co-founder of RiskRecon.

Third-party risk assessments are important to identify and disclose each vendor's security posture and any concerning vulnerabilities. Organizations have a 27.7% chance of suffering a data breach, and almost 60% of these breaches are linked to third parties. Unfortunately, not all vendors are likely to take your cybersecurity as seriously- which brings down your supply chain defenses to you.

To defend against the inception of any supply chain attack, i.e; your vendor, map out all of the vendors currently accessing your sensitive data and their respective access levels. According to a recent survey of risk management professionals by Mastercard’s RiskRecon and the Cyentia Institute, 79% of organizations currently have formal programs in place to manage third-party risk. The most common risk assessment methods are questionnaires (84%), and documentation reviews (69%).

Upgrade your current security solutions 

Security Information and Event Management (SIEM) is one of the most commonly deployed security solutions in the cyberworld. It is a traditional platform that aggregates logs and allows your analysts to query data - point-in-time - for “known” security threats. However, considering the pace and dynamicity with which cyber attackers are evolving today, a modern solution that not only aggregates data but also does it in real-time toindicate both to indicate and “unknown” threats is the better way forward. One such modern tool is UEBA (User and Entity Behavior Analytics).

Unlike SIEM, UEBA is built to process huge volumes of data to analyze patterns of both human and entity behaviors and detect threats in real-time to enforce remediation. It utilizes machine learning algorithms, behavior-based security analytics, and artificial intelligence to not only identify but also “predict” threats.

“While SIEM is a core security technology, it has not been successful at providing actionable security intelligence in time to avert loss or damage” - Mike Small, Analyst, KuppingerCole.

SIEM delivers alerts based on events that may or may not be malicious in nature. This generates a high proportion of false-positive alerts and often leaves “actual” threats undetected. On the other hand, UEBA eliminates the possibility of false positives by ranking risks and controlling them based on the level of threats they pose. This feature of UEBA allows enterprises to reduce huge damages or losses.

Protect data against supply chain attacks with Binary Flux

Attackers are constantly looking for vulnerable gateways to breach into organizations and you might be their next target. Increasing transparency of your supply chain, building a trusted relationship with your suppliers, and having an effective response plan in place can help you reduce and even mitigate these supply chain risks. And, for a more optimum experience, Binaryflux can automate these activities for you.

Protect yourself, your customers, and your partners with the advanced neural brain technology of BinaryFlux. 

BinaryFlux helps organizations detect, prevent, and also predict supply chain attacks with the help of its modern UEBA and SOAR integration. It empowers firms by constantly monitoring for vulnerabilities and data leaks in real-time and implements a response plan that considers the entire supply chain management and ecosystem. We support and comply with all security frameworks and aim to eradicate cyber attacks from the roots altogether.

Want to see how we can help you? 
Click here to book a DEMO.


22 Jan 2022 • BinaryFlux Team