
Cybersecurity Becomes Job One: Preventing Ransomware Attacks on The Supply Chain


In 2021, ransomware attacks on supply chains became a front-burner issue for businesses, cybersecurity experts and even international governments. That year, ransomware attacks more than doubled from the previous year, with some 623 million ransomware attacks recorded worldwide.

In addition to an increase in frequency, ransom attacks began to take on a more nefarious flavor, attempting to cripple food networks, water supplies, fuel distribution networks, and even hospitals and city governments. What this indicates is that the focus of ransomware attacks has largely shifted away from large financial firms and toward manufacturers. Evidence supports this sentiment with records showing that 23% of cyberattacks in 2021 targeted manufacturers. 

This significant uptick in supply chain ransomware attacks has made many organizations, including some government agencies, begin to prioritize fighting against this form of cybercrime. Many of these organizations are beginning to collaborate in this fight to make their efforts more effective. 

WHAT IS A SUPPLY CHAIN ATTACK?

A supply chain attack is a form of cyberattack in which a cybercriminal targets vulnerable aspects of a supply chain’s computer systems. The chief aim of these attacks is to gain access to the networks of the victim’s supply chain suppliers and partners. What makes these attacks particularly dangerous is that a single ransomware attack can give cybercriminals access to the networks of multiple organizations rather than just the victim’s network.

Those particularly vulnerable to these types of attacks include smaller organizations without the resources to implement necessary cybersecurity safety measures. In addition, the COVID-19 pandemic exposed many weak points for hackers to exploit because of the shift to remote work. 

TECHNIQUES USED BY CYBERCRIMINALS TO ATTACK THE SUPPLY CHAIN

Some common techniques used by cybercriminals to attack supply chains have become more apparent. Techniques to be aware of include:

  • Phishing: Also known as social engineering, phishing is when a victim is tricked into downloading and opening an infected file. Cybercriminals typically pose as a boss or coworker to convince their victim to do this.
  • Malvertising: In this form of cyberattack, the attacker crafts fake online advertisements that victims may click on unsuspectingly. This results in malicious software being run on the victim’s device.
  • Leveraging vulnerabilities in software code: When there are weak spots in a victim’s software code, cybercriminals can exploit them in many ways, such as encrypting information and demanding a ransom to decrypt it.

SUPPLY CHAIN SECURITY’S WEAK LINK: MANAGED SERVICE PROVIDERS

Managed service providers and managed security service providers have been the sources of many breaches of supply chain security. That’s because many organizations place a large amount of trust in these providers and are less likely to be critical about downloading updates from them. 

The danger of blindly trusting one’s managed service provider was showcased in the SolarWinds ransomware attack. A management system under the umbrella of SolarWinds called Orion, used by many large organizations, was hacked. Many organizations then unknowingly downloaded a malicious update, giving hackers unprecedented access to the private networks of many large organizations. 

WHAT IS BEHIND THE RECENT SURGE IN RANSOMWARE SUPPLY CHAIN ATTACKS?

As a result of the steep rise in ransomware attacks in recent years, many have begun to seek the answer to that question. According to AT&T, these are the five main reasons for the increase in ransomware attacks against supply chains:

  • Victims are more willing to pay ransoms
  • Rising international tensions
  • Expanding networks create more vulnerable points to be exploited
  • Cryptocurrency has made anonymous payment easier for cybercriminals
  • Cybercriminals offer ransomware as a service to other criminals without ransomware experience

SUPPLY CHAIN ATTACK PREVENTION FOR ORGANIZATIONS

Although ransomware attacks on supply chain organizations have become more prevalent in recent years, there are ways organizations can safeguard themselves. One of the most effective ways to do this is by utilizing the five-step approach that revolves around the idea that software developers need to ensure their code has as few vulnerabilities as possible. Here are the five steps: 

  • Keep developers updated on cyberattack risks
  • Make sure open-source development tools are visible and secure
  • Adopt zero trust security that treats all code as unsafe 
  • Build encryption into all apps
  • Work with vendors and partners to plug third-party risks 

To stop supply chain attacks, software needs to be shipped with little to no weaknesses or vulnerabilities for cybercriminals to exploit. Both vendors and customers of supply chain software can benefit from taking advantage of effective safeguarding techniques. Some of the best and most effective techniques for preventing supply chain cyberattacks include:

  • Identify and plug third-party leaks
  • Lock down internal systems and vendor networks by patching all known vulnerabilities
  • Evaluate partners’ security measures and vendors’ security ratings

While one may be aware that these are goals to work toward, it’s not always obvious how to achieve them. Tools and approaches that can be used to achieve these include:

  • “Honeytokens” or fake data resources planted on a company’s network to attract attackers and alert the company about suspicious activity. In addition to providing advanced notice of an attack, honeytokens indicate the methods the attackers will use and can sometimes identify the criminal parties.
  • Privileged access accounts must be managed carefully by implementing a platform that disrupts the path from initial network access to the exfiltration of sensitive data.
  • Cybercrime awareness training instructs staff on how to detect a phishing attempt, how to protect their login credentials, and how to identify and report breach attempts.
  • Third-party data leak detection tools prevent ransomware attacks that originate on vendor and partner networks, even when the third party is unaware of the breach.
  • Encryption of all internal data is one of the simplest ways to discourage cybercriminals, who often prefer to attack systems that are easily breached. Encryption should meet the Advanced Encryption Standard.
  • Zero trust architecture is a security approach that assumes all activity on the company’s network is malicious by default, so access to sensitive information requires that each connection request meet a stringent set of security policies.
  • Multiple layers of defense integrate antivirus, multifactor authentication, and attack surface monitoring, among other data security measures. Multilayer security creates operational layers, each of which has unique capabilities and functions targeted at preventing a specific type of threat.
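
The honeytoken item above can be made concrete with a short detection script. This is an added example, not code from the original article: the decoy names, the log format and the sample log lines are all constructed for illustration. It alerts on any use of a planted decoy and then lists which real accounts and hosts the same source touched, which is the early-warning and "methods used" value the list describes.

```python
import re
from collections import defaultdict

# Constructed decoys (hypothetical names). No legitimate user or service has
# any reason to use them, so every touch, even a failed one, is an alert.
HONEYTOKENS = {
    "user": {"svc_backup_admin"},                        # decoy account
    "path": {"/srv/finance/payroll_2021_FINAL.xlsx"},    # decoy file
    "key": {"DECOY-KEY-000001"},                         # decoy API key
}

# Constructed sample log, embedded so the example runs offline.
# Assumed format: "<timestamp> <event-type> key=value key=value ..."
SAMPLE_LOG = """\
2022-03-01T09:14:02Z auth host=vpn01 src=10.0.4.17 user=jsmith result=success
2022-03-01T09:20:45Z auth host=dc01 src=203.0.113.50 user=svc_backup_admin result=failure
2022-03-01T09:21:10Z file host=fs02 src=203.0.113.50 user=jsmith op=read path=/srv/finance/payroll_2021_FINAL.xlsx
2022-03-01T09:25:31Z file host=fs02 src=10.0.4.17 user=jsmith op=read path=/srv/finance/q1_forecast.xlsx
2022-03-01T09:30:00Z api host=gw01 src=198.51.100.7 key=DECOY-KEY-000001 action=ListBuckets
"""

FIELD = re.compile(r"(\w+)=(\S+)")


def parse_line(line):
    """Turn one log line into a dict, or None if it is not in the assumed format."""
    parts = line.split(None, 2)
    if len(parts) < 3:
        return None
    event = dict(FIELD.findall(parts[2]))
    event["time"], event["type"] = parts[0], parts[1]
    return event


def find_hits(events):
    """Return one alert per honeytoken touched, regardless of success or failure."""
    hits = []
    for ev in events:
        for field, decoys in HONEYTOKENS.items():
            if ev.get(field) in decoys:
                hits.append({
                    "time": ev["time"],
                    "src": ev.get("src", "unknown"),
                    "host": ev.get("host", "unknown"),
                    "kind": field,
                    "token": ev[field],
                })
    return hits


def summarize(events):
    """For each source that touched a decoy, collect everything else it did.

    Real accounts used from a flagged source are likely compromised and are
    listed for credential reset; hosts show where the source has been active.
    """
    hits = find_hits(events)
    flagged = {h["src"] for h in hits}
    report = defaultdict(lambda: {"tokens": set(), "accounts_to_review": set(), "hosts": set()})
    for h in hits:
        report[h["src"]]["tokens"].add(h["token"])
    for ev in events:
        src = ev.get("src")
        if src not in flagged:
            continue
        if "host" in ev:
            report[src]["hosts"].add(ev["host"])
        user = ev.get("user")
        if user and user not in HONEYTOKENS["user"]:
            report[src]["accounts_to_review"].add(user)
    return dict(report)


def analyze(log_text):
    """Parse a log and return (alerts, per-source report)."""
    events = [e for e in map(parse_line, log_text.splitlines()) if e]
    return find_hits(events), summarize(events)


if __name__ == "__main__":
    alerts, report = analyze(SAMPLE_LOG)
    for a in alerts:
        print(f"ALERT {a['time']} {a['src']} touched {a['kind']} honeytoken {a['token']} on {a['host']}")
    for src, info in report.items():
        print(src, "accounts to review:", sorted(info["accounts_to_review"]), "hosts:", sorted(info["hosts"]))
```

In the sample, the real account `jsmith` is flagged for review only because it was used from the same source that read the decoy file; its activity from `10.0.4.17` raises no alert.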

THE WORLDWIDE BATTLE AGAINST CYBERCRIMINALS

Though ransomware attacks have increased on supply chains, it’s estimated that these crimes will increase even more in the coming years. That’s why private organizations and government agencies are prioritizing the fight against ransomware and are helping mitigate the threat of cyberattacks. 

In addition, cybersecurity professionals familiar with the latest tools and specialized knowledge in the field are helping supply chains become more resilient against cybercriminals with stronger cybersecurity practices. The strengthening of supply chains benefits not only manufacturers but also consumers and the economies of the entire world. 

Author’s Bio

Ryan Ayers has consulted several Fortune 500 companies within multiple industries including information technology, cybersecurity, and big data. After earning his MBA in 2010, Ayers began working with start-up companies and aspiring entrepreneurs, with a keen focus on data collection and analysis.

 


Cyber-Security Takes Its Rightful Place At The Forefront of Multinational Corporation (MNC) Growth Strategies

Over the last few years, cyber-attacks have become more and more prevalent across the United States and no doubt in the global news cycle. ‘Ransomware’ has become a household name and in short, found its potential to hold America and its businesses hostage.
From the attack on the JBS meat plants to the Colonial Pipeline, the correlative effects are clear and present to both small enterprises and multinationals.

The potential for digital warfare to spill beyond Russian and Ukrainian IP addresses should serve as additional notice that companies need to be thinking pragmatically and be on high alert.

Atlantic Data Security is a Cybersecurity solutions provider that manages, consults, and offers wholescale security protection solutions. Named the “Most Promising Cyber Security Solution Provider by CIOReview,” Atlantic Data Security can analyze all types of system configurations, then recommend, deploy and manage all critical security components of a company’s network.

Scott Kasper serves as the company’s CEO, herein addressing the challenges and opportunities inherent to the industry of cyber and to cyber stakeholders.

Please provide our readership with background on the steer and scale of Atlantic Data Security?

SK: Atlantic Data Security has over 30 years of experience in the cyber security industry providing high-level cyber consulting and professional services to some of the world’s top corporations. We also provide end-to-end value from architecture to professional services, managed services, post-deployment support, and consulting.

We have physical offices up and down the East Coast.  We partner with the leading suppliers of cyber technology to meet the ever-evolving needs of our clients.

The notion of quasi-‘State Capture’ through ransom-ware has captivated the media cycle as of late. Where are the pain points in an organization assessing their weaknesses against ‘phishing’-oriented and cyber-security threats?

SK: Phishing attacks are considered among the most challenging cyber-security threats faced by all organizations.  Regardless of how much you train your employees, or how cautious they are online, there remains a high probability that your company or agency will still be attacked.

Phishers keep developing their techniques over time and as long as there is electronic media, they will find vulnerabilities to exploit.  Ransom-ware attacks are becoming daily headlines precisely because they are so prevalent.  360-degree knowledge about your environment is the first step of being prepared for an attack.  Here’s our approach:

First, we conduct a Readiness Assessment.

A Readiness Assessment will improve your organization’s ability to respond to a ransom-ware attack quickly and effectively.  Our firm is made up of experts who have extensive experience in cyber-security and incident response (IR) plans.  We will review your IR plan, capabilities, and technologies. If you don’t have such a plan, we’ll help you craft one.  Our consultants will highlight gaps and identify areas for improvement to bolster your readiness and strengthen your overall cyber defense capabilities.

Here’s what we’ll do as part of our typical Assessment:

1.  Analyze relevant firewall and network device configurations for security weaknesses;

2.  Review user activity logging and audit configurations to prepare for potentially broader investigative efforts;

3.  Review network and endpoint security monitoring solutions and processes;

4.  Evaluate email and web filtering options and configurations to prevent phishing attacks and malicious payload delivery;

5.  Review access and privileged access controls and processes; and

6.  Evaluate overall vulnerability and patch management controls and processes

Next, we’ll teach you to run a Ransom-ware Tabletop Exercise.

Performing the Ransom-ware Tabletop Exercise will improve your organization’s ability to quickly and effectively respond to a ransom-ware attack.   At Atlantic Data Security, we will design and facilitate a ransom-ware attack tabletop IR exercise.  We base the exercise on the many investigations our IR team will have performed to test your readiness by means of a simulated attack.

We also educate and train your teams to practice IR processes and workflows. It is important to keep up-to-date on modern day attack techniques to evaluate effectiveness in, and be ready for, real-world scenarios.

Where are the opportunities for industry growth in the arena of cyber security?

SK: At Atlantic Data Security, the opportunities for growth are nearly infinite.  We are building a generation of expertise in an area where real world experience is frighteningly rare in the existing talent pool.  While it is said there is a zero percent unemployment rate in cyber, that fact does not take into account the dearth of practically tested experts. We provide that real world experience because we’ve been there since the beginning.

Today there is an even greater need for top-level, defensive talent. With increased use of the cloud and the accelerating rate of people working remotely, the market needs professionals trained and experienced in keeping organizations safe.

Where does Atlantic Data Security seek to expand within the course of five years’ time?

SK: Atlantic Data Security is poised for vibrant growth over the next five years.  Towards the end of 2020, I was tasked with engineering our business practice to take fuller advantage of our primary resources – our consultants.  Atlantic Data Security’s long history and background puts us in the unique position of being one of the top cyber consulting firms in the world.

Like the business management firms McKinsey, Boston Consulting Group and Bain & Company, Atlantic Data Security is becoming the leader in cyber consulting.

As we grow, we are investing in 5 key areas:

Brand name: Our brand is our promise to our customers. We see it as our responsibility to provide advice, guidance, and assistance to protect against cyberattacks with proactive, focused, industry-relevant threat intelligence. That’s why our name gives our clients the confidence that comes from knowing their business is secure.

Strategy work: At Atlantic Data Security, we focus on strategy work, which is the cutting-edge of consulting work in the cyber industry. We also partner with other leading cyber agencies and leaders to ensure we are providing the latest and absolute best advice and counsel to our clients.

Strong client relationships:  Advising and standing by our clients for over three decades, we have built very long-standing relationships. Atlantic Data Security has a history of client retention because we put tremendous value on client trust and on the quality and impact of our work.  We feel as though we are truly an extension of each of our clients’ team, and that is how we work.

Investment in personal development: Atlantic Data Security invests heavily in the professional development of our consultants. Some of our consultants come to us with years of experience, but that is never where the learning ends.  Our consultants have the opportunity to learn and develop many skills, both hard skills and soft skills, in a short period of time. Atlantic Data Security believes mentorship is essential and facilitates frequent peering sessions and exposure to best practices among all divisions.

Talented, smart people: Atlantic Data Security hires the smartest, most talented people around. Our clients know that when a consultant is working with them, they are not part of a training cycle or in the middle of a learning curve.  We have the most knowledgeable and professional consultants in the industry.

Lastly, in the era of en masse virtualization accelerated by COVID-19 social distancing, how can technology safeguard work-from-home employees of MNCs?

SK: There are a number of ways companies and employees can safeguard work from home especially if they are working for Multinational Corporations.  For instance:

For the Employer:

Use a Virtual Private Network (VPN).

The use of a VPN is a fundamental safeguard when users access the company’s network from home or a remote location. A VPN also allows for encryption of data, which adds a level of protection for information such as passwords, credit card numbers and other sensitive or private information. A VPN can also provide a level of anonymity through capabilities such as masking of location data, website history and IP addresses.

Implement Multi-Factor Authentication (MFA).

The simple principle of MFA is that an authorized user must provide more than one method of validating their identity. Even if a cyber attacker has obtained a user ID and password, MFA decreases the risk that an attacker can gain access by requiring an additional means of validation. Multi-factor Authentication uses something you have such as an authenticator app on a smartphone, something you are such as a fingerprint or something you know like a PIN number.

Ensure systems, software, technologies, and devices are updated with the latest security patches.

Employers should track the equipment to be used in a home environment and provide a means of updating software security patches.

For the Employee:

Prevent unauthorized users on company resources (e.g., laptops, mobile devices).

Employees should not allow anyone to access company resources, including family members.

Use only company-authorized devices for remote work.

Personal devices may not have the same level of security and privacy protections as company devices. If your company has a “Bring Your Own Device” policy, be sure that your use of a personal device is in accordance with that policy. This includes home printers and personal email accounts.

Dispose of company documents properly.

Review your company’s records retention and management policies, as well as information management policies, to ensure compliance. If you must dispose of hard copies of company documents, either shred them or securely retain them for proper disposal when you return to the office.


Improving Security Along Your Supply Chain: 7 Pointers

Disruptions in the supply chain can ripple throughout entire industries. As the world becomes more interconnected, these threats become increasingly worrisome, with widespread issues throughout the COVID-19 pandemic highlighting their severity.

Supply chain attacks rose by 42% in Q1 2021 in the U.S. alone, impacting 7 million people. In light of these rising threats, supply chain security is more important than ever. Here are seven pointers for improving safety.

1. Restrict Access Privileges

One of the primary drivers behind rising supply chain attacks is these networks’ wealth of valuable data. Logistics organizations have gone digital and now generate and store vast amounts of information that cybercriminals can steal or hold for ransom. Restricting access privileges can help mitigate these threats.

The more people have access to a system or database, the more potential entry points there are for cybercriminals. Supply chains can eliminate these vulnerabilities by restricting who can see or interact with which systems. A good practice to follow is the least privilege principle: Only those who absolutely need given data to perform their duties can access it.

Tighter access privileges should pair with thorough authentication measures. Users must verify their identity through multifactor authentication (MFA) before accessing anything they’re authorized to.

2. Verify Third Parties’ Security

Third-party actors are another common vulnerability among supply chains. As an example of how pressing this issue is, the now-infamous SolarWinds hack, the biggest cyberattack of 2020, came from a third party. Hackers gained access to thousands of businesses and agencies by infiltrating SolarWinds, a third-party service they all used.

Supply chains must verify the security of any third party before doing business with them. That can mean asking for proof of security measures, only partnering with certified organizations or auditing third parties’ security through independent specialists.

Organizations should also apply the principle of least privilege here. Third parties should only have access to the systems and data they need and nothing more. That way, a breach on their end will cause minimal damage.

3. Secure All IoT Devices

Many supply chains have unknowingly created new vulnerabilities as they have embraced new technologies. The widespread use of Internet of Things (IoT) devices to track inventories and shipments can put supply chains at risk. While these gadgets are extraordinarily helpful, they’re notoriously risky if companies don’t secure them properly.

A seemingly innocuous IoT device can act as a gateway to more sensitive systems and data on the same network. Thankfully, the steps to mitigate this threat are relatively straightforward. First, supply chains should host IoT devices on separate networks from other systems so hackers can’t access more sensitive data through them.

Next, supply chains must encrypt all IoT communications to secure their data transmissions. Encryption is often disabled by default, so this step is easy to overlook. Enabling automatic updates will help keep these devices secure, too.

4. Equip Workers Appropriately

While cyber threats may be the most pressing aspect of supply chain security, organizations shouldn’t neglect physical security, either. Piracy, physical theft and similar crimes are still relevant dangers. Supply chains can protect against these by hiring security staff and equipping them appropriately.

New padding technologies can consist of 0.01% solid material but still provide sufficient protection. Equipment like that will help security workers stay safe while not restricting their comfort or range of motion. Other tools like metal detectors, flashlights and ID scanners can further provide these employees with the utmost protection.

Equipping drivers and other supply chain workers with emergency resources is crucial, too. Radios, medical kits, rations and similar supplies should be standard in trucks, ships and other vehicles.

5. Improve Supply Chain Transparency

Supply chains can improve physical and digital security by increasing transparency. The more an organization can see about its operations, the faster it can respond to any incoming threats.

IoT security systems can let workers monitor cameras from their phones, giving quick access to security information. Similarly, organizations can employ smart sensors to monitor for break-ins, fires, leaks and other threats to alert employees when a situation arises. When companies learn of these risks faster, they can respond more effectively.

Similarly, network monitoring tools can give IT teams insight into potential data breaches. Artificial intelligence (AI) systems can continuously monitor for suspicious activity, alerting workers when there’s a possible cybercrime attempt.

6. Train Employees in Security Best Practices

No matter what other security steps an organization takes, employees must be taught about them. All it takes is one misstep from a worker to jeopardize a supply chain’s security, regardless of how strong its other defenses are. For this reason, as many as 85% of data breaches result from human error.

Every employee should receive security training covering relevant risks, best practices and emergency procedures. It’s important to stress why these methods are important so workers understand the gravity of their actions in some situations.

In addition to initial security training sessions, supply chain organizations should host regular refresher training. That way, proper procedures will remain fresh in employees’ minds, preventing mistakes related to them forgetting best practices.

7. Create an Incident Response Plan

Supply chains must understand that no defense system is perfect. Disruptions in this industry are too risky, and it’s likely they will someday experience an emergency. They should create a formal incident response plan to enable quick, effective action should an unexpected event occur.

More than half of all companies have experienced downtime that’s lasted eight hours or more in the past five years. Supply chains can prevent this through a disaster recovery plan. What this looks like will vary among organizations, but it should include backup resources, communication strategies, specific protocols for each department and contingency plans.

Supply chains don’t need to prepare for every emergency but should determine which events are the most likely or potentially destructive. These incidents deserve formal, detailed response plans, which all employees should know. To ensure ongoing efficacy, organizations should periodically review and update these plans.

Supply Chain Security Is Essential

If a supply chain experiences a security breach, it could affect far more than the logistics company itself. That risk, coupled with the rising trend of supply chain attacks, makes these security steps essential.

These seven points are not a comprehensive list of security procedures but cover the most important factors. Supply chain organizations should ensure they consider these steps and take further action if necessary.


Top 4 Teleworking Vulnerabilities (and How to Mitigate Them)

Between social distancing guidelines and stay-at-home orders, it’s clear that we’ll all be spending a lot of time at home.

While many of us might normally work from home a day or two out of each week, few firms are used to having all their staff work from home for weeks at a time. 

This means that many companies have not implemented security measures that are most appropriate for a fully remote team.

To help you make the adjustment, here are some big-ticket vulnerabilities along with recommendations on how to best mitigate them.

1 – Using personal devices

The laptops and desktops your firm owns are secure. They have up-to-date patching and anti-malware. They have simple but important policies like an automatic screen lock. They’re backed up and might even have hard drive encryption and remote wipe capabilities.

Do the personal devices accessing your data even have anti-virus beyond Windows Defender? Are any running Windows 7, which has been out of support for months?

If a vulnerable machine is accessing your firm data, that data becomes vulnerable.

Best practice is to only allow your people to work from firm-owned equipment. If you try purchasing new equipment today, though, you will probably run into significant delays with manufacturing. Your second-best option is to roll out workstation management software to these personal devices. Your IT team can help with this.

2 – Heightened scam activity

Scammers are having a field day with this pandemic. We’re anxious, we’re distracted, we’re working with new and unfamiliar technologies, and we’re accessing confidential data outside of our secure office network.

In a span of just seven hours, cybersecurity company ESET detected 2,500 infections from malicious emails that played on COVID-19 themes. Phishing emails that appear to come from legitimate sources like the World Health Organization offer links or attachments with information about the spread, face masks, a vaccine—anything that will tempt recipients into clicking and infecting their machines with spyware, ransomware, or otherwise.

And the massive success of these scams means that hackers will double-down.

Fortunately, we can avoid these scams by practicing the same awareness tactics you’ve heard before:

- Don’t click links or download attachments you weren’t expecting.

- Watch for poor grammar and generic greetings (sir/ma’am).

- Don’t offer up personal information unless you can verify the request (by calling the sender, logging directly into your Facebook account, etc.).

Regarding coronavirus specifically, be sure to stick to official websites (WHO, CDC) for the latest news on the outbreak.

3 – Not using multi-factor authentication

Multi-factor authentication keeps you protected even if you make a mistake—which, as I mentioned above, is a lot more likely in today’s landscape.

Say you fall for a phishing scam and enter your Office 365 credentials onto a fake web page. But, your Office 365 account is set to send a verification code to your cell phone. Even with your email address and password in-hand, the hacker still can’t access your account unless they’ve also managed to steal your cell phone.

In January, 1.2 million Microsoft accounts were compromised. Microsoft has said “multi-factor authentication would have prevented the vast majority of those one-million compromised accounts.”

Work with your IT team to (forcibly) enable multi-factor authentication on as many applications as you can. This is often not labor-intensive, and it can do wonders to keep your accounts locked down.

4 – Sharing devices with others

If you live with roommates or family members, you may find them asking to borrow your machine for anything from their distance learning assignments to streaming movies.

Whether this machine is a personal device or owned by the firm, letting others onto the same equipment being used to store and access client data puts that data at risk. It only takes one wrong click to put your threat detection and response software—assuming any is installed—to the test.

And in some cases, someone just seeing an open document on your machine is a compliance violation.

Your firm policy may already have guidelines against sharing devices, but keep in mind that this is new territory for all of us, and that some may need help finding an alternative.

_________________________________________________________________

Heinan Landa, CEO and Founder of Optimal Networks, a globally-ranked IT services firm, and author of The Modern Law Firm: How to Thrive in an Era of Rapid Technological Change.

Sepio Systems, Tech Data & SHI Partner for Cybersecurity

Hardware-based attacks are at the center of the tri-partnership recently announced between Sepio Systems, Tech Data, and SHI International Corp.

Tech Data channel partners and SHI customers benefit from the partnership because they gain the option to bundle Sepio’s cybersecurity solutions. In addition to simplified deployment options for the Sepio Prime/Sepio Agent security management offerings, the partnership focuses on specific network threats within uncontrolled peripheral devices and accessories.

“As part of our continuous effort to ease our customer’s process of complying with the NIST standards and guidelines for securing Information Systems, we are excited to team with Tech Data and SHI,” said Yossi Appleboum, CEO of Sepio Systems Inc.

“Packing Sepio’s deep visibility capabilities into devices and hardware assets together with a granular policy enforcement tool greatly reduces the cyber risk organizations are facing. For the first time, Tech Data customers and partners can deploy a simple and robust software solution that addresses more than 15 controls from the NIST 800-53 Special Publication,” Appleboum concluded.

Sepio Systems currently identifies hidden hardware attacks related to rogue peripherals, invisible network devices, and manipulated firmware. The software-only solution, Sepio Prime, currently boasts a presence in the U.S., Brazil, Singapore, and Israel.