Estimated reading time: 2 minutes, 4 seconds

broken chainThe answer is that you should be caring about the security of your supply chain more now than you ever have. In fact supply chains have had a relative free period for many years because… well, because it’s a supply chain and not something hackers can easily monetize. But the games and the stakes have changed.

 

Multiple malware researchers including Symantec report that attacks on supply chain operations increased 200% in 2017. The reports say the attacks center around cryptocurrency rather than more historically standard zero-day attacks which makes sense because there may be financial gains to be had. But Crowdstrike identified other breaches that took advantage of more standard applications to gain access through permissions normally allowed to them. They included Avast’s CClearner and the Apple Mac oriented HandBrake media player.

Preying on the chain

If financial motivation is a secondary issue for cyber criminals targeting supply chains what can they be hoping to achieve?

Disruption

Competitors may want to delay products in transit and the US is the target in nearly 30% of all targeted attack incidents, making it the largest recipient. More than 70% of the attacks are initiated via spear phishing, the practice of singling out a single organization and using email tactics to gain access to company assets. The access these attacks achieve allow them deep access to all kinds of company functions and information.

Other research including much political investigation is finding attacks initiated by nation-state actors to cause different kinds of disruption. The motives cover a wide spectrum but typically attempt to disrupt standard operations and practices. There is increasing speculation that advanced persistent threats (APS) are being deployed in industrial computing systems including the US electric grid. Certainly a coordinated attack there would disrupt the supply chain and more.

Intelligence

While disruption is a significant threat, 90% of attacks are aimed at intelligence-gathering. That includes surveillance, spying, and theft of intellectual property. Again many of these kinds of attacks are conducted by nation-state sponsored groups. But the rise of what has been supposedly benign social media interactions is raising speculation that there is more at stake than cat videos when access to internal enterprise systems is compromised through malicious attachments and links.

As supply chain performance becomes more important and time frames tighten the effects of cyber attacks on supply chains can be devastating. Make certain your cyber security team has all your company’s supply chain technology under its surveillance.

 

Last modified on Monday, 26 March 2018
Read 1508 times
Rate this item
(0 votes)

Visit other PMG Sites:

Template Settings

Color

For each color, the params below will give default values
Tomato Green Blue Cyan Dark_Red Dark_Blue

Body

Background Color
Text Color

Header

Background Color

Footer

Select menu
Google Font
Body Font-size
Body Font-family
Direction
PMG360 is committed to protecting the privacy of the personal data we collect from our subscribers/agents/customers/exhibitors and sponsors. On May 25th, the European's GDPR policy will be enforced. Nothing is changing about your current settings or how your information is processed, however, we have made a few changes. We have updated our Privacy Policy and Cookie Policy to make it easier for you to understand what information we collect, how and why we collect it.
Ok Decline