
Three focus areas to avoid supply chain cybersecurity attacks

March 15, 2021


Supply chain cybersecurity attacks have been in the news lately, but they’re nothing new. Nation-state adversaries have been targeting and abusing supply chain vulnerabilities for years.

These vulnerabilities are an easy “in,” opening the door for attackers to more lucrative targets. Managed service providers (MSPs) and managed security service providers (MSSPs) are particularly attractive targets because they hold the keys to many different customer organisations. For instance, hundreds of dental office customers were hit by ransomware after their shared MSP was compromised.

We’re All Targets

“I didn’t think we would be a target” are words spoken by compromised organisations all too often. Yet the truth is we’re all targets. 

We’re all links in someone’s supply chain, and that makes us susceptible if we’re not protected.

It’s easy to imagine how one might be a backdoor into a military contractor if they supply them with services or tools, but would you consider your local nail salon to be a supply chain risk? Well, you should. 

An attack against a large company began by compromising a local salon and using their billing system to send malicious PDFs to executives at the company who used their services.

Where to Start

There’s a tremendous opportunity for MSPs and MSSPs alike to improve supply chain security defences – both internally and for the customers that they serve. This might seem like a daunting task, but you can tackle it, often with immediate and measurable results, by focusing on three important areas:

1. Authentication

Service providers need to stop sharing passwords. It sounds like common sense, but it’s an ongoing problem. 

We can no longer afford to have a lax approach to security. Phishing one member of your support staff is enough in many cases to destroy your reputation and potentially your business in one incident. 

No different from traditional IT departments, accounts that possess privilege should only be used when needed, and they should always require multi-factor authentication. All usage should also be logged and reviewed frequently.

2. Access rights

Should every technician be allowed access to every client? Perhaps, but probably not. Often, groups of clients, especially key customers, have a dedicated support person or team. No different from how we segment networks to provide audit points and contain risk, privileges require bounds.

Logging is critical in recognising unusual access – like off-hours use or access to an account assigned to a different team, which can be signs of insider fraud or an external threat actor preparing to launch a ransomware attack.
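As an added illustration of the access review this section describes (example code, not from the article or from Sophos), the script below checks constructed technician access log lines against an assumed team-to-client assignment table and flags the two signals named above: off-hours use and access to a client assigned to a different team. Technician names, client names, business hours and the log format are all assumptions made for this example.

```python
from datetime import datetime

# Constructed team-to-client assignments (hypothetical; not from the article).
TEAM_ASSIGNMENTS = {
    "alice": {"team": "team-a", "clients": {"acme-corp", "dental-one"}},
    "bob":   {"team": "team-b", "clients": {"northwind"}},
}

# Assumed business hours: 08:00-17:59, Monday to Friday.
BUSINESS_HOURS = range(8, 18)

# Constructed sample log lines: "<ISO timestamp> <technician> <client> <action>"
SAMPLE_LOG = """\
2021-03-10T09:15:00 alice acme-corp login
2021-03-10T23:40:00 alice dental-one login
2021-03-11T10:05:00 bob acme-corp login
2021-03-11T11:00:00 bob northwind login
2021-03-11T11:30:00 mallory northwind login
2021-03-13T10:00:00 bob northwind login
"""

def parse_line(line):
    ts, tech, client, action = line.split()
    return {"ts": datetime.fromisoformat(ts), "tech": tech,
            "client": client, "action": action}

def is_off_hours(ts):
    # Weekend (Saturday=5, Sunday=6) or outside the assumed business hours.
    return ts.weekday() >= 5 or ts.hour not in BUSINESS_HOURS

def review_access(log_text):
    """Return a list of (raw_line, reasons) for entries an analyst should review."""
    findings = []
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        entry = parse_line(raw)
        reasons = []
        assignment = TEAM_ASSIGNMENTS.get(entry["tech"])
        if assignment is None:
            reasons.append("unknown technician account")
        elif entry["client"] not in assignment["clients"]:
            reasons.append("client assigned to a different team")
        if is_off_hours(entry["ts"]):
            reasons.append("off-hours access")
        if reasons:
            findings.append((raw, reasons))
    return findings

if __name__ == "__main__":
    for line, reasons in review_access(SAMPLE_LOG):
        print(f"REVIEW: {line}  <- {', '.join(reasons)}")
```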

3. Monitoring for compromise

Monitoring is often under-resourced compared with prevention. The problem is, we know that prevention isn’t always 100% achievable, yet when it comes to detection and monitoring for the failure of our preventative controls, we are too reactive.

Once an attack becomes obvious it is often too late. By the time a criminal pulls out the ransomware, they have already stolen critical data and, more often than not, have had access to your network for 30 days or more.

The use of legitimate accounts and your own tools is often referred to as Living Off the Land (LotL). Detecting this requires vigilance and skill. To a trained security operations centre analyst, these things stand out clearly and can tip you off to thwart the attack before the bulk of the damage has been done. 

You either need to invest in training your staff to monitor these behaviours or engage with outside experts to monitor them on your behalf.

Source

This article has been produced on behalf of Sophos by Times Internet’s Spotlight team.




PremKumarit
