Cyber Security

Solving the supply chain attack challenge

Richard Beck outlines the measures necessary to secure organisations from cloud-based supply chain cyber attacks.

Let’s start with better understanding supply chain attacks. They are a significant threat that organisations face today. Cybercriminals can infiltrate an organisation through vulnerabilities in its supply chain. This might involve compromising software updates, third-party vendors, or other connected systems to gain access to the primary target’s network. 

Recently we’ve seen the NHS become another victim of a supply chain cyber-attack, and witnessed the significant consequences this can have on critical health services.  

Synnovis, a provider of pathology services to multiple London hospitals, was the victim of a ransomware breach. Despite well-made government plans, this won’t be the last NHS-related cyber breach, given the vast supply chain the NHS is critically dependent upon.

Such attacks highlight the need for robust security measures that go beyond protecting only the primary systems. National guidance has been issued in response to the heightened risk. 

Cloud-based data breaches

High-profile supply chain attacks this year have targeted Ticketmaster and Santander, impacting hundreds of millions of individuals worldwide. Both relate to a third-party Snowflake cloud data breach.

Snowflake is a leading cloud-based data warehousing service provider, enabling the storage, processing, and analysis of large volumes of data, seamlessly. Their platform supports data integration, business intelligence, and advanced analytics, providing a scalable and flexible solution for data management needs. They have a significant global customer base embedded within the supply chain of many household names. 

We spoke to QA’s Practice Director for Cyber Security, Richard Beck, about the extent of the risk. He believes “this has a long way to run, given the size of this customer base and overlapping vulnerabilities in the supply chain”. 

Supply chain users are consistently targeted by cyberattacks known as ‘credential stuffing’, an identity-based attack. These involve cybercriminals using stolen login details, such as usernames and passwords, obtained from data breaches. They then try these credentials across multiple platforms, taking advantage of the fact that many people reuse the same passwords for different accounts. Crucially, accounts that have failed to enable multi-factor authentication are the most vulnerable. 

This has prompted the Australian government to issue a stark cyber-attack warning, and Snowflake itself released guidance to its customers to mitigate the risk.

Credential stuffing is particularly effective because it can be automated, allowing attackers to try thousands of login combinations rapidly. Once they gain access, attackers can steal or ransom data, access internal systems, and even withdraw money from accounts. 
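One way a defender might spot the automated pattern described above in authentication logs, as an added example that is not part of the original article. The log format, thresholds and function names are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)  # assumed look-back window
MIN_USERS = 10                 # assumed: distinct usernames tried by one source
MIN_FAIL_RATIO = 0.8           # assumed: share of attempts that failed

def parse(line):
    """Parse 'ISO-time source-ip username OK|FAIL mfa|nomfa' (constructed format)."""
    ts, ip, user, outcome, mfa = line.split()
    return datetime.fromisoformat(ts), ip, user, outcome == "OK", mfa == "mfa"

def detect(lines):
    """Return (suspect source IPs, accounts needing a password reset)."""
    by_ip = defaultdict(list)
    for line in lines:
        ts, ip, user, ok, mfa = parse(line)
        by_ip[ip].append((ts, user, ok, mfa))
    suspects, at_risk = set(), set()
    for ip, events in by_ip.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Advance the window start so the slice spans at most WINDOW.
            while events[end][0] - events[start][0] > WINDOW:
                start += 1
            window = events[start:end + 1]
            users = {e[1] for e in window}
            fails = sum(1 for e in window if not e[2])
            # Many different usernames, mostly failing: reused breach credentials.
            if len(users) >= MIN_USERS and fails / len(window) >= MIN_FAIL_RATIO:
                suspects.add(ip)
                break
        if ip in suspects:
            # A password-only success from such a source is a likely takeover.
            at_risk |= {u for _, u, ok, mfa in events if ok and not mfa}
    return suspects, at_risk

# Constructed sample: one source tries 12 usernames in seconds and one succeeds
# without MFA; a second source is an ordinary user who mistypes once.
SAMPLE = [f"2024-06-01T10:00:{i:02d} 203.0.113.7 user{i} "
          f"{'OK nomfa' if i == 7 else 'FAIL nomfa'}" for i in range(12)]
SAMPLE += ["2024-06-01T10:00:30 198.51.100.20 dana FAIL nomfa",
           "2024-06-01T10:00:45 198.51.100.20 dana OK mfa"]

if __name__ == "__main__":
    print(detect(SAMPLE))
```

The second set returned is the list to act on first: accounts that logged in with a password alone from a source showing the stuffing pattern.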

Four steps to mitigate identity-based attacks 

Richard is here with his expert advice, offering four key steps to ensure your organisation isn’t the next victim of an identity-based cyber attack:

  1. Enable Multi-Factor Authentication (MFA): MFA requires users to provide two or more verification factors to gain access, making it harder for attackers to succeed even if they have the correct password. Richard highlights, “it really is a no-brainer and incredibly simple to mandate, including in cloud and third-party services”.
  2. Use Strong Passwords: Encouraging users to create unique passwords, using best practice, for different accounts reduces the risk of credential reuse. Don’t recycle passwords! Investigate password rotation options for API-driven supply chain services.
  3. Conduct Regular Security Training: Educate employees and users about the latest cyber threats and best practices. Ensure continuous education on emerging threats and provide relevant security skills to your defenders.
  4. Implement Zero Trust Security: This approach assumes that threats could come from both outside and within the enterprise and wider supply chain. It continuously verifies every user and device trying to access systems, non-human identities, and services.

The take-away  

Credential stuffing identity breaches and supply chain attacks are serious threats that require proactive and robust security measures.  

Richard asserts that “there are no good reasons for not mandating MFA, encrypting your data, initiating robust password policies, and implementing Zero Trust security, organisations can better protect their data, services, and systems from these evolving threats”. 

By fundamentally changing the security paradigm to ‘never trust, always verify,’ Zero Trust significantly enhances the ability to detect, prevent, and respond to supply chain attacks. Zero Trust skills enable organisations to understand and implement Zero Trust principles into business planning, enterprise architectures, and technology deployments throughout the supply chain. 

“Adopting a Zero Trust security model is no longer a choice” according to Richard, “but an urgent imperative for organisations. In an era where cyber threats are increasingly sophisticated and pervasive, traditional perimeter-based defences are inadequate”. 

Zero Trust takes things a step further by expecting threats both inside and outside your organisation and supply chain. It therefore requires continuous verification every step of the way. With this proactive stance, you can reduce risk and safeguard against persistent ransomware attacks, including identity breaches and supply chain compromises. 
