The year 2020 was notorious for the steep rise in cyberattacks and data breaches observed throughout the year, with the SolarWinds attack being the highlight that had the most disastrous impact. In this incident, hackers managed to install malware onto SolarWinds’ Orion software product, which led to infecting thousands of their corporate customers worldwide.
Given the success of this attack, which was achieved through unprecedented levels of stealth and executed with a single stroke, the ever-present danger coming from supply chain attacks has now become clearer to all. Thus, how can organisations better protect against similar attacks today and well into the future? Naturally, the first step is to learn the risk factors involved and identify them in one’s protection strategy.
Software supply chain attacks occur when hackers discover and exploit a latent vulnerability in a software product that can simultaneously affect the many organisations using it. In the case of the SolarWinds attack, the hackers successfully installed a backdoor into the Orion software via the SUNSPOT malware. SUNBURST, the term for this backdoor, can reboot machines, execute files, and disable system services at a large scale; hence the numerous victims affected.
Forewarned is forearmed. There is no place more relevant for this expression than in the world of cybersecurity, especially for supply chain attacks and supply chain management risks. By recognising the associated risk factors, businesses can better mitigate their risks by improving their threat detection and vulnerability resolution. Below are some of the most common risk factors to take note of:
1. Depending on numerous commercial software products
Most organisations today rely on commercial software programmes for their various departments, such as human resources (HR), accounting, project management, and so on. There could be any number of vulnerabilities within such software that hackers can exploit and use to attack critical assets or steal sensitive data.
2. Using many open-source components or software
Around 90% of organisations leverage open-source code to accelerate their innovations, solve business problems, and save time and money, according to one 2021 report. This poses an issue since open-source components suffer from ongoing security problems. For instance, the 2017 Equifax data breach is a well-known attack caused by a vulnerability in an open-source component. In 2021, more than 4,000 vulnerabilities deemed high severity were also discovered in open-source code.
3. Increasing vendor network
The more software applications an organisation adopts for its operations, the larger its third-party vendor network grows, and with it the associated cyber threat risks. If these vendors are not proactive in rooting out and patching vulnerabilities in their software, using their products will increase one’s vulnerability to supply chain attacks.
4. Sourcing from ‘risky’ nations
Software developed in low-cost countries may be at higher risk of containing backdoor malware and exploitable vulnerabilities that attackers can use to compromise enterprise users.
Completely eliminating the risk of supply chain attacks is highly unlikely since most organisations will need to use or are already heavily dependent on commercial and open-source software. Also, depending on their success and growing software requirements, expanding their vendor network is inevitable. That said, there are many must-have security measures to minimise an organisation’s vulnerability to many types of supply chain attacks, such as:
● Exclusively source software from reputable vendors.
● Deploy patches and updates through a robust patch management process as soon as possible.
● Regularly audit software assets and have a software inventory that keeps track of which systems need safeguarding.
● Engage vulnerability assessment and penetration testing services across the organisation’s entire software environment.
● Stay on top of and remove any unauthorised or shadow IT software installed by employees.
● Employ client-side endpoint security measures such as NGAV, EDR, and other tools to stop malicious code before it penetrates the network.
● Establish code dependency policies that allow only authorised apps on the network.
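The software inventory audit and the authorised-software policy from the list above can be checked mechanically. The following is an added example, not part of the original article: the product names, hosts, versions and digests are constructed sample data, and the policy layout (product, approved versions, digest recorded at approval time) is an assumption.

```python
# Added example: audit a software inventory against an approved-software policy.
# All product names, hosts, versions and digests are constructed sample data.
from dataclasses import dataclass


@dataclass(frozen=True)
class Installed:
    host: str
    name: str
    version: str
    sha256: str  # digest of the installed package or binary


# Assumed policy layout: product -> {approved version -> digest recorded at approval}
APPROVED = {
    "acme-hr-suite": {"4.2.1": "a" * 64},
    "ledgerpro": {"11.0.3": "b" * 64, "11.0.4": "c" * 64},
}

INVENTORY = [
    Installed("hr-01", "acme-hr-suite", "4.2.1", "a" * 64),  # compliant
    Installed("fin-02", "ledgerpro", "10.9.0", "d" * 64),    # version never approved
    Installed("fin-03", "ledgerpro", "11.0.4", "e" * 64),    # file differs from approved one
    Installed("dev-07", "free-pdf-tool", "1.0", "f" * 64),   # shadow IT
]


def audit(inventory, approved):
    """Return (host, name, finding) tuples for every policy violation."""
    findings = []
    for item in inventory:
        versions = approved.get(item.name.lower())
        if versions is None:
            findings.append((item.host, item.name, "UNAUTHORISED"))
        elif item.version not in versions:
            findings.append((item.host, item.name, "VERSION_NOT_APPROVED"))
        elif versions[item.version] != item.sha256.lower():
            findings.append((item.host, item.name, "DIGEST_MISMATCH"))
    return findings


if __name__ == "__main__":
    for host, name, finding in audit(INVENTORY, APPROVED):
        print(f"{host:8} {name:16} {finding}")
```

A matching digest only shows that the installed file is the one the organisation approved; it does not show that the vendor's own build was clean, which is why the other measures in the list still apply.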
Supply chain attacks mean that compromising one organisation can lead to compromising many others. Thus, having visibility and understanding your threat landscape and organisational risks is essential to preventing supply chain attacks.
To secure robust, all-around protection of your organisation’s IT infrastructure, get in touch with our cybersecurity experts at GROUP8 today. With our industry-leading services in Singapore, such as endpoint security, vulnerability assessment and penetration testing, you can bolster your cybersecurity defences to withstand all kinds of current and evolving threats. Contact us at hello@group8.co for more details.