Cyber Essentials 2022 Major Updates Businesses Need to Know
Cyber Essentials is a government-backed scheme which was launched in 2014 to allow enterprises to protect themselves against cyber-attacks. It shields businesses within various
The majority of growing businesses work with a variety of partners and third-party vendors in many different ways. Exchanging large amounts of data with partners (such as integrations and customer details) heightens the security risk. In a supply chain, deliberate cyber attacks, normally involving malware, can easily reach the businesses in the chain through a number of vulnerable access points.
Accenture, the global management consultancy, recently released a report stating that over half of cyber attacks are delivered through the supply chain, and claiming that over 60% of cyber attacks originate from entities that are part of the extended supply chain, or from external parties exploiting security vulnerabilities within the chain itself.
It's important to note that the security of a supply chain is only as strong as the weakest member of the chain. Cyber criminals identify the vulnerabilities of the weakest member to gain access to the other members of the supply chain.
These are worrying statistics for UK businesses considering GDPR is now in play. With the GDPR, a Supply Chain Attack that results in a data security breach could mean businesses are liable to a fine of up to 4% of annual turnover.
Supply Chain Attacks commonly occur through third-party software providers, third-party data storage, websites and watering holes, which are all used to distribute malware. We briefly explore each method below.
Attacks occur through malware or counterfeit components embedded into software stored in repositories that businesses regard as secure. When users download the software, they install both the software and the malware within it. Compromised software is very difficult to detect if it has been altered at the source, so there are few clues for security teams to suspect it is not legitimate. This year, the Petya ransomware outbreak hit businesses globally, infecting millions of computers.
Many businesses store their data with third-party companies which aggregate, store and process the data. Some data storage providers are not fully secure and can be targeted by cyber criminals, who then have the potential to cause large-scale fraud involving other links in the supply chain.
Cyber criminals can easily access insecure websites and add redirect scripts that send visitors to a malicious domain where malware is automatically downloaded. This could be the website of one of your third-party providers, which would then infect your business if your staff or clients visit the site.
A watering hole Supply Chain Attack is where cyber criminals identify a website with high amounts of traffic, e.g. government, finance or healthcare. Once it is hacked, they use this website as a base to distribute malware, which can then infect the user's device and other related networks.
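A defender-side check for the injected redirect scripts described above, as an added example that is not part of the original article: it parses a page's HTML and reports every script, frame or redirect that points outside an allowlist of expected hosts. The `audit` helper, the allowlist and the sample page with its example domains are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

JS_NAV = re.compile(  # absolute URL in a JavaScript navigation statement
    r"""location(?:(?:\.href)?\s*=|\.(?:replace|assign)\()\s*["'](https?://[^"']+)""")

class OffsiteAudit(HTMLParser):
    """Collect (kind, url) for each script, frame or redirect that leaves the allowlist."""
    def __init__(self, allowed):
        super().__init__()
        self.allowed, self.findings, self.inline = set(allowed), [], False

    def check(self, kind, url):
        host = urlparse(url.strip()).hostname  # None for relative URLs
        if host and host not in self.allowed:
            self.findings.append((kind, url.strip()))

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag in ("script", "iframe") and a.get("src"):
            self.check(tag + "-src", a["src"])
        if tag == "script":
            self.inline = not a.get("src")  # an inline script body follows
        if tag == "meta" and (a.get("http-equiv") or "").lower() == "refresh":
            if m := re.search(r"""url\s*=\s*["']?([^"']+)""", a.get("content") or "", re.I):
                self.check("meta-refresh", m.group(1))

    def handle_endtag(self, tag):
        self.inline = self.inline and tag != "script"

    def handle_data(self, data):
        for m in JS_NAV.finditer(data) if self.inline else ():
            self.check("js-redirect", m.group(1))

def audit(html, allowed):
    parser = OffsiteAudit(allowed)
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample: one page with three injected elements (reserved example domains).
SAMPLE = """<head><script src="/js/site.js"></script><script src="https://cdn.example.com/lib.js"></script>
<script src="https://static.example.net/c.js"></script>
<meta http-equiv="refresh" content="0; url=https://landing.example.net/a"></head>
<body><script>window.location.href = "https://landing.example.net/update";</script></body>"""

if __name__ == "__main__":
    print(audit(SAMPLE, {"www.example.com", "cdn.example.com"}))
```

Run on a schedule against your own pages and those of key third-party providers, a new finding signals that page content has changed in a way worth investigating.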
The more steps a business takes to improve its own security, the more secure supply chains will become. Here are a few things you can do to improve the security of your business, and some considerations to raise with your partners within supply chains. However, complex supply chains, such as those in manufacturing, require comprehensive risk management processes to be in place.
Infinity Group are IT Security specialists and GDPR Consultants. If you are interested in IT Security strategy implementation or GDPR Consultancy, please get in touch to find out more.
Photo credits https://www.ncsc.gov.uk/