
Whether our main activity is providing services or industrial production, cyber-attacks that originate from a company's suppliers are becoming increasingly common. Since 2021 there has been a 300% increase in this type of cyber-attack and, in fact, it is predicted that by 2025, 45% of the attacks suffered by companies will originate from cyber-attacks on their suppliers.
How are these types of attacks carried out?
As we have been explaining, cybercriminals use different methods to attack companies of all sectors, sizes and activities. Once they obtain information, especially about that company's customers, they try to extend their reach to those customers, particularly when those customers are other companies that may be of interest to the attacker.
Depending on the service or product our supplier provides, supply-chain cyber-attacks can affect us in the following ways:
- If we use technologies or services shared with our supplier: the attack in this case is almost immediate, and we are affected at the same time as our supplier, simply because the systems are interconnected. Example: a cyber-attack on Microsoft that affects our corporate email, or a cyber-attack on an external collaborator who accesses our platforms to provide their services or, if we are an industrial company, to give us remote technical maintenance support.
- Through fraudulent communications impersonating the trusted supplier: as we have explained on other occasions, these communications can arrive by email, phone call or short message (e.g. SMS, WhatsApp, Teams, Skype, social networks or any other chat platform).
How can we detect them?
By applying a Zero Trust culture:
- At the company or entity level (public or private): choose our suppliers and providers of services, products and technologies appropriately. It is important that they have the same level of commitment to security as that required internally in our organization.
- At the technical level: use two-factor authentication when users connect to systems, assign the minimum privileges needed so as to limit the damage that can be caused, and monitor computer systems to detect any anomalies in time. Such anomalies can sometimes be noticed by the direct users of those systems, for example when a technology (mail, application, web, etc.) stops working or, in companies with industrial activity, when the production lines behave abnormally.
- At the user level: be wary of any urgent, demanding or unusual communications and, especially, of those that seek to change invoice payment methods. Whenever a supplier requests a change of account number for future payments, we must set that communication aside, contact the sender by other means (mail, telephone or official contact) and request proof of bank ownership.
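The user-level advice above (be wary of urgency, and treat every request to change payment details as something to verify through another channel) and the earlier point about communications impersonating a trusted supplier can be turned into a simple mail-screening check. The following Python is an added example and is not code from the original article; the supplier allow-list, the phrase patterns and the sample messages are all constructed for illustration, and the rule that any payment-detail change is escalated for out-of-band verification even when the sender looks legitimate follows the article's own advice.

```python
import re
from email.utils import parseaddr

# Constructed allow-list (hypothetical): supplier name -> domains it legitimately sends from.
TRUSTED_SUPPLIERS = {
    "Acme Components": {"acme-components.example"},
    "Globex Logistics": {"globex.example"},
}

# Constructed phrase patterns for "send the money somewhere new" requests.
PAYMENT_CHANGE_PATTERNS = [
    re.compile(r"\b(new|updated?|changed?)\b.{0,40}\b(bank|account|iban|payment details)\b", re.I | re.S),
    re.compile(r"\b(bank|account|iban)\b.{0,40}\b(has|have) changed\b", re.I | re.S),
]
URGENCY_PATTERN = re.compile(r"\b(urgent(ly)?|immediately|as soon as possible|today)\b", re.I)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot look-alike domains such as 'rn' in place of 'm'."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def domain_of(address: str) -> str:
    return address.rsplit("@", 1)[-1].lower()


def analyze_message(from_header: str, body: str) -> dict:
    """Return the sender domain, a list of findings and a verdict for one inbound message."""
    display, address = parseaddr(from_header)
    domain = domain_of(address)
    findings = []

    # Which supplier, if any, does this sending domain legitimately belong to?
    legit_owner = next((n for n, ds in TRUSTED_SUPPLIERS.items() if domain in ds), None)

    for name, domains in TRUSTED_SUPPLIERS.items():
        # Display name borrows a trusted supplier's name, but the domain is not on its allow-list.
        if legit_owner is None and name.lower() in display.lower():
            findings.append(f"display name claims {name} but sender domain {domain} is not on its allow-list")
        for legit in domains:
            # Near-miss spelling of the real domain, or the real label embedded in another domain.
            if domain != legit and (edit_distance(domain, legit) <= 2 or legit.split(".")[0] in domain):
                findings.append(f"sender domain {domain} looks like {legit}")

    if any(p.search(body) for p in PAYMENT_CHANGE_PATTERNS):
        findings.append("requests a change of bank/payment details")
    if URGENCY_PATTERN.search(body):
        findings.append("uses urgency pressure")

    # A payment-detail change is always verified out of band, even from a legitimate-looking sender;
    # impersonation signs alone are also enough. Urgency by itself only earns a closer look.
    if any("payment" in f or "claims" in f or "looks like" in f for f in findings):
        verdict = "verify_out_of_band"
    elif findings:
        verdict = "review"
    else:
        verdict = "ok"
    return {"domain": domain, "findings": findings, "verdict": verdict}


# Constructed sample messages (not real mail).
SAMPLE_MESSAGES = [
    ('"Acme Components Billing" <invoices@acme-cornponents.example>',
     "Our bank account details have changed. Please urgently pay invoice 4471 to the new IBAN below."),
    ('"Acme Components Billing" <invoices@acme-components.example>',
     "Please find attached invoice 4471 for March."),
    ('"Globex Logistics" <gl.support@mail-delivery.example>',
     "Payment is required immediately to the new account below."),
    ('"Acme Components Billing" <invoices@acme-components.example>',
     "Please note our bank account has changed."),
]

if __name__ == "__main__":
    for sender, text in SAMPLE_MESSAGES:
        result = analyze_message(sender, text)
        print(result["verdict"], "-", sender)
        for finding in result["findings"]:
            print("   *", finding)
```

The fourth sample is the important one: it comes from the genuine supplier domain with no impersonation signs, yet it still ends in `verify_out_of_band`, because the article's rule is that every request to change an account number is confirmed by telephone or an official contact before anything is paid.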
IMPORTANT NOTE:
- If, despite complying with all these measures, you encounter situations that do not meet the required security level or the one established in internal policies, do not hesitate to report it to your line manager, the CISO (Security Manager) and the IT department, so that they can advise you appropriately and report the cyber-attack to the police authorities.
