
Supply Chain

Supply chain attacks occur when threat actors compromise a single third-party resource and use it to reach many targets, often the customers of that third party. All third-party suppliers are at risk, as are their customers, and each is responsible for protecting its own systems from these attacks.

Look for Early Indicators.
  • Unusual software behavior - Trusted software behaving unusually may indicate a supply chain attack.

  • Outdated software - Keep software up to date to reduce the risk of a supply chain attack.

  • Third-party breaches - Monitor third-party security updates closely to prevent attackers from gaining access to your organization.

  • Suspicious network activity - Unusual network activity, such as data transfers to suspicious IP addresses.

When a third-party software vendor is compromised and the threat actors inject malicious code into an otherwise benign third-party tool or update, each customer that downloads the tool (or automatically deploys it) unknowingly receives the malicious payload. It is critical for third-party vendors to monitor, remediate and communicate flaws, vulnerabilities, or backdoors that can impact their customers. Small and medium businesses must hold third-party vendors to a high standard of cybersecurity controls, especially for applications, tools or other software used in critical business operations.

Small and medium businesses often implement tools from large, enterprise-scale third-party vendors and assume these products are designed with security risk in mind. Many examples of widespread supply chain attacks demonstrate that the industry is not yet at that point.
