Northdoor comment:
Kaseya cyber attack highlights cyber security risks within supply chains
The recent global ransomware attack on software provider Kaseya, has once again highlighted the vulnerabilities within supply chains and third-party relationships.
The attack, carried out by Russian cyber-criminal group REvil, targeted Kaseya’s cloud-based IT management and remote monitoring platform, VSA. The nature of the software exploited meant that it was a particularly effective attack. Kaseya is used by Managed Service Providers (MSPs) and IT consultancies around the world, so the hack not only took out the systems of MSPs, but also all of their customers too.
Initially, Kaseya claimed that the hack only impacted 40 on-premise clients, but the nature of supply chains and the software involved means that the final number of victims is likely to be in the thousands. REvil has demanded $70million to release and pass over the decryption key.
The nature of supply chains cyber attacks
Criminals are increasingly using supply chains and routes through third parties as weak entry points into companies. More often than not, the method of attack is through deployment of ransomware. The eventual outcome of not employing sufficient ransomware protection is that companies risk losing huge amounts of data and infrastructure, resulting in financial and reputational damage unless they pay a ransom.
This ransomware attack through Kaseya has the potential to be huge with the number of companies involved. It has similarities to the SolarWinds attack in December 2020 where criminals gained access through the IT firm’s software to attack Fortune 500 companies and the US Government, causing chaos and significant reputational damage. The CloudHopper attacks that seem to have originated from China are another example of where companies are breached through their managed service providers. The attacks are increasing in number and levels of sophistication with criminals now actively targeting supply chains and third-party connections.
The nature of technology and the way we work as a result of the pandemic means that there are more cloud based updates and virtual transactions across supply chains than ever before. For too long supply chains have been ignored in terms of cyber security. The number of high profile attacks over the past two years means that this can no longer be the case.
Indeed, recent DCMS research has shown that only 12 percent of organisations review their cyber security risks coming from their immediate suppliers, and only one in twenty firms (five percent) address vulnerabilities across their wider supply chain.
Uncovering cyber security threats in the supply chain
In order to gain a better understanding of supply chain vulnerabilities, some companies are turning to AI-assisted, automated, and centralised 360-degree security risk rating management systems. These solutions protect their critical supply chains by generating objective, quantitative reporting on a company’s security risk and performance. It also enables organisations with evolving business requirements to conduct business more confidently in the digital world we live in.
Having such a view of your entire supply chain makes it immediately clear where the potential vulnerabilities lie within your partners’ systems. By highlighting these to them you are able to make a decision as to whether they are doing enough to close the gaps, or whether you should be looking elsewhere for more secure partners.
It is vital to protect the whole supply chain against cyber threats and ransomware attacks
Obviously, these types of solutions also help when looking for new partners too. They not only ensure that the budget you have spent on your own defences is not wasted by leaving the back-door open, but it also encourages the whole supply chain ecosystem to improve their own cyber defences.
Cybercriminals will always look for the easiest route to the data they want to exploit. The more all companies within a chain can do to secure their systems, the less appealing it will be for the criminal. Share on XCybercriminals will always look for the easiest route to the data they want to exploit. At the moment that is very much focused on supply chains. The more all companies within a chain can do to secure their systems, the less appealing it will be for the criminal. It appears to be far too easy at the moment for criminals around the world to gain access to all types of organisations.
Supply chains have to be taken seriously if we are to be more effective in closing gaps and putting these criminal enterprises out of business.