Cyberattacks against the supply chain are among the most troubling risk factors affecting the critical infrastructure segment. In June 2017, an intrusion at a small family business led to the most expensive cybersecurity incident the world has seen so far, the NotPetya incident, which is estimated to have caused damage in the range of USD 10 billion. During autumn 2020, it was discovered that software products from the US company Solarwinds had had backdoors injected, and that several thousand customers had unwittingly installed them in their networks. Recently, in July 2021, an intrusion at Kaseya took out the payment systems at Coop, a Swedish chain of grocery stores.
When defending against traditional cyberattacks, you work on the assumption that the attacker is outside, working their way inwards. But what if the attacker is already inside, after hitching a ride inside the latest laptop, network switch or software product you bought? It is impossible to completely prevent supply chain attacks. In practice, most customers can only hope that their vendors do their best to maintain good security. However, there are a number of things one can do to reduce the potential harm from a supply chain attack when it eventually occurs. Below, we give you a few tips for harm reduction.
Inventory management might sound mundane, but it is an important tool for managing the risk of supply chain attacks. If there is an alert that a certain version of a certain product has been found to contain a backdoor, it is much simpler to respond if you have an up-to-date configuration database that tells you if your organization uses that product, and if so, where.
Network segmentation is another harm-reducing measure. By isolating different parts of the organization from each other on different networks, you can slow down an attacker, and hopefully stop the attack before too much damage is caused. There is no reason why, say, an infected printer device at the finance department should be able to reach the production network.
Network monitoring and logging are two very powerful tools to reduce the damage caused by a supply chain attack. They can help an organization to discover suspicious activities at an early stage and stop an attack before it leads to production outages.
Among the most important things is to have performed a thorough risk analysis and developed a response plan for handling a cyberattack, regardless of whether it targets your organization directly or is the result of a supply chain attack. For example, it is important to have a “Plan B” for critical business functions. If Coop had had a fall-back method for handling payments, they could have weathered the attack on Kaseya with a smaller financial fallout.