The cybersecurity demands of modern supply chains

A proactive approach to managing risk is critical to protecting your supply chain in our interconnected world.

Supply chain risk is front-page news. Across the world, there are empty supermarket shelves, and international concerns around the energy supplies available to keep the lights on and trucks moving, leading to highly visible shortages of components and construction materials.

The ransomware attack on the Colonial Pipeline that carries 45% of the US East Coast’s supply of diesel, petrol and jet fuel was just one of the numerous breaches that have impacted global supply chains in the last 12 months. Maintaining agility may demand working with new partners – and quickly. But organisations must also manage the potential additional security risks, both to avoid reputational damage and to protect against the possible disruption costs following any ransomware attack or data breach.

The ongoing digitisation of the supply chain, often facilitated through the cloud, has delivered significant efficiency and cost benefits with shared data and systems in areas such as integrated planning and execution systems, logistics visibility, autonomous logistics, smart procurement and warehousing, spare parts management and analytics.

For some, such as Siemens, working at the bleeding edge of supply chain innovation, the creation of a cloud-based operating system means that the manufacturer can process data in real time from millions of devices and sensors in plants, systems, machinery and products dispersed throughout production processes and supply chains. Siemens may be working towards supply chain Nirvana, where processes and decisions happen with minimal human intervention. But the day-to-day reality for many suppliers, logistics providers, manufacturers, wholesalers and retailers across the globe is that business happens in browsers, on email and with shared files. And the more we use the Internet to collaborate, the more we’re exposed – in fact research has shown that web and email attacks are behind 90% of all breaches.

So, what proactive prevention steps can organisations take to avoid the growing risk of data loss and ransomware from online collaboration with new and existing supply chain partners?

 

It’s good to talk, but who is listening?

The increased adoption of cloud applications within the supply chain, accelerated by the challenges of Covid-19, has made the browser the most important productivity tool on any endpoint across the extended enterprise. At the same time, the vast majority of cyberattacks start with the browser and it requires little research by a determined attacker to understand your key suppliers and use this intelligence to target your users with bogus emails and infected attachments, websites and downloadable documents.

Supply chains are evolving to be as much about the efficient exchange of information as they are about the flow of goods and services. But where there is external information sharing, security specialists are rightly uneasy.  The Menlo Labs team has observed a steady rise in credential phishing attacks by creating fake login pages or forms to steal users’ credentials for commonly used services, including email and document exchanges with supply chain partners.

Even the most well-trained professional can fall victim to a seemingly normal website or email. Instead, enterprises are exploring strategies that isolate employees’ devices. Rather than detecting threats and blocking employees from accessing potentially malicious web content, this approach simply isolates all their endpoints from browser-based traffic.

How does this work exactly? Take a large, global manufacturer as an example. As many of their employees were engaged in digital research and communications, they were managing high volumes of phishing attacks and web malware. The result: infected devices that required costly, time-consuming reimaging. While anti-phishing training for employees was having some impact in reducing these attacks, many employees continued to click on infected links, leading to credential theft and malware infection.

Adopting isolation changed everything. Using isolation meant that all the unknown executable code from the Internet that employees previously came into contact with – including every website visited – was executed in a remote cloud container. Whether surfing the web, reading emails or downloading documents, it became impossible for malware to infect the user’s devices or the network they were connected to. Better still, end-users had no idea that these web sessions were actually occurring on the external Menlo platform, rather than on their PCs – as there was no impact on accessibility or performance.

 

Trust your supply chain partners with Zero Trust

In 2020, 62% of all companies were targeted by ransomware. Of those organisations that fell victim to compromise, research shows that 58% paid the ransom. But a startling fact is that a third of those that decided the best way to return to business as usual was to pay the ransom, never actually received the decryption keys or had their data returned. A severe loss on all fronts.

The moment a ransomware attack is detected, it’s too late. Your systems have been compromised, the attackers already have what they need, and no amount of remediation is going to turn back the clock to unwind the damage.

For many organisations we talk to, greater resilience to ransomware attacks means a Zero Trust approach to security.  The race is on to create an impenetrable air gap – culturally moving to an assumption that no traffic should be trusted. This includes browser-based Internet traffic, in addition to the content within every email and document attachment.

But Zero Trust must also work at speed and scale, making legacy on-premises, appliance-based proxies that conduct the standard URL filtering and sandboxing just too laborious and inflexible to stop the very real threat of ransomware in its tracks.

To reduce risk but maintain agility, fast moving organisations in the manufacturing, logistics and wholesale industries are deploying solutions to prevent malicious code from ever reaching the network perimeter—mobilising isolation-powered cloud security to shut the door on malware from within any supply chain communications for good. Obviously, isolation despite its many returns on investment, will not protect an entire supply chain.  Cybersecurity for these vital networks needs IT and security specialists to have conversations with a wide range of functions such as sourcing, vendor management and logistics, in a coordinated effort to reduce third party risk.

Whatever information security management system you have in place or how rigorous your compliance, your supply chain partners may not take their security controls as seriously as you want or need them to.  Knowing that these relationships create security gaps means a compromised supply-chain partner can become an all too easy entry point to your network. There is no industry framework that mandates isolation or Zero Trust as requirements but when it comes to managing third party risk, perhaps there should be?

 

For more information, please visit: www.menlosecurity.com

 

Leave a Reply

Your email address will not be published. Required fields are marked *