The Dinner Party Supply Chain Attack
A supply chain attack occurs when a bad actor gains access to an organization’s people and data by compromising a vendor or business partner. Let’s think of this type of attack as if it were a dinner party. You invite your close friends over and hire a catering company that you know and trust to cook the meal. However, neither you nor the caterer was aware that one of the waiters serving your guests stole the key to your house and made a copy. You throw a lovely party, your friends rave about the food, and everyone goes home. But later that week you come home to find all your valuables missing.
To find out who broke into your home, you go through the footage from the nanny cam you have hidden in your child’s stuffed animal. That’s when you spot the waiter roaming through your house while you were away. In this story, the caterer is the compromised link in the supply chain. As at a dinner party, companies need to trust all participants in the digital supply chain, because a risk to one supplier can put the entire system at risk, just as one waiter exploited the trust between the caterer and the client.
Types of Supply Chain Attacks
Supply chain attacks can be understandably concerning for those in charge of cybersecurity within an organization. According to Verizon’s 2024 Data Breach Investigations Report, breaches due to supply chain attacks rose from 9% to 15%, a 68% year-over-year increase. Even if you are diligent about protecting all your people, devices, applications, and networks, you have very little control over or visibility into a bad actor attacking an external organization.
There are different ways that attackers can execute supply chain attacks. They can plant malicious hardware that is shipped to customers. They can inject bad code into software updates and packages that are installed by unsuspecting users. Or attackers can breach third-party services, like a managed service provider or HVAC vendor, and use that access to attack their customers.
The supply chain attacks that you see in the headlines are usually the large ones, over which the victim organization has little control. However, the more common compromises happen when attackers first target smaller companies (suppliers) with the goal of getting to their customers (the real targets). Let’s consider the following example of a law firm compromise that leads to a compromised client(s):
How the User Protection Suite Secures Your Organization
Cisco’s User Protection Suite provides the breadth of coverage your organization needs to feel confident that you can protect your users and resources from supply chain attacks. The User Suite provides email and identity protection, plus safe application access, all on a secure endpoint. Now let’s think about how a supply chain attack would be prevented at key moments:
- Email Threat Defense: Email Threat Defense uses multiple machine learning models to detect malicious emails and block them from reaching the end user. If someone in your supply chain is compromised and sends you an email with a phishing link or malware, the sophisticated models will detect the threat and quarantine the email, even if the sender is listed as trusted and the attached document is one you have seen before.
- Cisco Duo: If a supply chain attacker gets access to an organization’s user credentials through compromising a vendor’s database, it is important to have multi-factor authentication in place. By pairing strong authentication methods, like Passwordless, with Trusted Endpoint’s device policy, your organization can block unauthorized access. And if there are potential weaknesses in the identity posture, Duo’s Continuous Identity Security provides cross-platform insights to enhance visibility.
- Secure Access: Secure Access ensures that your users safely access both the internet and private applications. Secure Access’ zero trust access solution enforces least privilege access, meaning that users are only given access to the resources they need. That means that even if a supply chain partner is compromised, their access to the network is limited and you can prevent lateral movement.
- Secure Endpoint: Secure Endpoint provides the tools for organizations to stop and respond to threats. One of those tools is Secure Malware Analytics, which sandboxes suspicious files and provides insights from Talos Threat Intelligence. Cisco evaluates 2,000 samples of malware per minute across all of Cisco’s products to block malware from reaching the end user. In cases where an endpoint does become infected in a supply chain attack, Secure Endpoint’s integration with Duo’s Trusted Endpoints automatically blocks that user’s access until the malware has been resolved.
The cybersecurity threat landscape can be overwhelming. There are many different types of attacks targeting users who just want to focus on their job. Our goal with the User Protection Suite is to empower users to be their most productive, without worrying about breaches. Let users get to work and we’ll handle the security risks to protect your organization from the top threats.
To learn more about how the User Protection Suite can protect your organization today, see the Cisco User Protection Suite webpage and connect with an expert today.