How Cybercriminals Could Be Infiltrating Your Supply Chain

In today’s modern technology landscape, you would expect for large organisations and enterprises to have advanced cyber defences in place - but can the same be said for their partners?

Cybercriminals have mastered the art of uncovering the paths of least resistance that lead to an organisation’s valuable assets and confidential information. To counter this, security professionals have introduced more robust and sophisticated measures to make it harder for attackers to succeed.

Yet, organisations are only as strong as their weakest link, and if a large organisation has invested in its cybersecurity infrastructure without its partners doing the same, then they have opened the door to “island hopping”. 

Cybercriminals are increasingly opting for island hopping, where they infiltrate a single, weaker target to exploit existing credentials and gain access into larger enterprises – essentially, a paradise of interconnected organisations. 

Island hopping represents a significant threat to any organisation that works with third parties. Particularly susceptible are those enterprises that engage with all sizes of vendors, contractors, and service providers.

Unfortunately, smaller suppliers with potentially weaker security postures can become easy entry points for cybercriminals and pose a substantial risk to their larger clients.

A Paradise For Cybercriminals

Even when suppliers appreciate the importance of cybersecurity, they may lack appropriate resources and be unable to afford the level of defence and monitoring capabilities that are necessary.  Although, business partners and suppliers are not consciously letting bad actors into their networks unchallenged, adversaries are taking advantage of these trusted relationships.

Cybercriminals know that organisations often grant their business partners some level of access to their systems, making them prime targets for phishing, social engineering, and man-in-the middle attacks. Malicious actors are also aware that suppliers are often given more access to systems than they need. Therefore, the question for many enterprises has become, how do they secure their business from island hopping attacks, whilst at the same time being able to continue working with valued suppliers, whatever their size? This problem needs a solution capable of closing vulnerable security gaps in the collaborative workflow, whilst also keeping partnerships running smoothly.

The Role Of Zero Trust

A zero trust authentication strategy can play a pivotal role in an organisation’s cybersecurity infrastructure and ensure that suppliers don’t unwittingly become the bridge for island hopping attacks. Instead of assuming that users and devices are trustworthy, this approach requires continuous verification of every user, device, and application which tries to access resources, based on fine-grained authorisation that can accommodate nuanced data sharing across internal and external users.

By extending this centralised approach to suppliers and third parties, organisations can have visibility and access control of their entire ecosystem in one place, including users, suppliers, partners, roles, and applications.  Always-on verification from dynamic risk indicators such as network device, identity, location, ensures that after authentication is granted it is also monitored throughout each digital interaction to detect any unauthorised access or hijacked session. In this way, any suspicious access can be denied or terminated.

Utilising zero trust authentication can be the difference between being a victim of cybercrime or thriving while protected.

Having the right kind of authentication tools in place will help to minimise risks and, if backed up with education and supporting materials, can further enhance security for all parties. Offering free cybersecurity training to suppliers can help them to improve their ability to defend and respond to threats as well as understand obligations to compliance regulations.  This mutual commitment of time and resources can cement and build longer term commercial partnerships.

It’s important to understand that the risk of a breach is never completely eradicated when dealing with third parties. However, zero trust authentication significantly strengthens security and ensures that every access attempt is rigorously verified, reducing the odds of a successful attack.

Adopting a zero trust mindset puts organisations in a much safer position than those who trust anyone who seemingly has legitimate credentials but turns out to be an island hopping cyber tourist with criminal intentions.

Stuart Hodkinson is VP EMEA at PlainID

Image: Erik_and_so_on

You Might Also Read:

Mapping Out The Journey To Zero Trust:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

 

 

« Intelligence Chiefs Accuse China Of IP Theft & Online Deception
A Microchip To Reshape Artificial Intelligence »

ManageEngine
CyberSecurity Jobsite
Check Point

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Duane Morris LLP

Duane Morris LLP

Duane Morris is a global law firm with offices in the USA, UK and Asia. Practice areas include Cybersecurity.

Wilson Sonsini Goodrich & Rosati (WSGR)

Wilson Sonsini Goodrich & Rosati (WSGR)

WSGR is the premier provider of legal services to technology, life sciences, and growth enterprises worldwide. Practice areas include cybersecurity and data protection.

ZeroNorth

ZeroNorth

ZeroNorth provides a new approach to improve software and infrastructure security, simplify continuous compliance reporting and to create more cost-effective risk management programs.

Pryv

Pryv

Pryv is a Swissmade software for privacy, personal data collection, usage, sharing and storage.

European Cyber Security Conference

European Cyber Security Conference

EU Cyber Security Conference will debate what Europe’s response to evolving threats in a dynamic global risk landscape should look like and what the next steps for all actors of the ecosystem.

UTMStack

UTMStack

UTMStack is a Unified Security Management system that includes SIEM, Vulnerability Management, Network and Host IDS/IPS, Asset Discovery, Endpoint Protection and Incident Response.

Cymptom

Cymptom

At Cymptom our purpose is to enable security managers to see at a glance all urgently risky gaps  in their organizations’ security posture at any given moment.

Etisalat and (e&)

Etisalat and (e&)

Etisalat Group is one of the world’s leading telecom groups in emerging markets.

Vanta

Vanta

Vanta helps companies scale security practices and automate compliance for the industry’s most sought after standards - SOC 2, ISO 27001, HIPAA, GDPR, and other security and privacy frameworks.

Hawk AI

Hawk AI

Hawk AI’s mission is to help financial institutions detect financial crime more effectively and efficiently using AI to enhance rules and find anomalies.

Blue Bastion

Blue Bastion

Don’t give cybercriminals the chance to find weaknesses in your company’s cyber security system. Defend your institution from all attacks from all directions with Blue Bastion.

View

View

View is the leader in smart building technologies including OT cybersecurity to securely connect buildings to the cloud and manage building networks and OT devices.

Hive

Hive

Hive is a leading provider of cloud-based AI solutions to understand, search, and generate content, and is trusted by hundreds of the world's largest and most innovative organizations.

Cork

Cork

Cork is a purpose-built cyber warranty company for managed service providers (MSPs) serving small businesses (SMBs) and the software solutions they manage.

SoConnect

SoConnect

SoConnect provides safe, secured, and taken care of IT, with infrastructure built around you and your business.

RedArx Cyber Group

RedArx Cyber Group

At RedArx Cyber Group, our vision is to empower businesses with cutting-edge, proactive security solutions that safeguard their digital landscapes.