07/08/2021 | News release | Distributed by Public on 07/08/2021 06:03
Key Points:
Most organizations have a hard enough time securing their own operations against cyberattacks targeting employees. But in this sharing economy of business partners, freelancers and contractors, securing the supply chain is just as important as keeping staff members from clicking on a phishing link that leads to ransomware.
Approximately 60 managed services providers (MSPs) and roughly 1,500 of their downstream customers learned about supply chain ransomware attacks the hard way this weekend: They became ransomware victims when cyberattackers compromised Kaseya's VSA remote monitoring and management (RMM) software. Because an RMM platform holds administrative reach over every endpoint it manages, compromising an MSP's VSA server gave the attackers a trusted path onto the systems of that MSP's customers. According to Kaseya, only users of the on-premises version of VSA were compromised, not customers of its cloud-hosted service.[1] The attackers are widely reported to be demanding a $70 million ransom.
Organizations were already uneasy about this kind of exposure: 57% of organizations expressed concern about their ability to protect their supply chains and partners from ransomware, according to How to Reduce the Risk of Phishing and Ransomware, a white paper by Osterman Research. They also expressed low confidence in their contractors' and consultants' ability to recognize phishing emails, which have emerged as a major vehicle for ransomware attacks. Only 29% felt confident that their contractors with network access could spot phishing attempts in email, and only 26% felt confident that their contractors could spot phishing through other channels.
In these work-from-home times, it's worth noting that 72% of organizations don't think they can effectively protect their employees' home setups against use as an attack conduit; 63% said the same about their employees' mobile devices. Resource-constrained small businesses, which cybercriminals view as weak links in the supply chain, can be particularly vulnerable. Indeed, one survey of 300 small defense contractors found nearly half had unpatched vulnerabilities, outdated software and other issues, and turned up over 1,300 email security issues.[2] However, larger organizations with stronger or costlier security controls are not immune. Where an organization relies on a security monoculture such as Microsoft 365's built-in protections, attackers need to bypass only that single set of safeguards to reach every user. Companies using a layered, defense-in-depth approach are more confident in their ability to prevent an email-borne attack and are less likely to be severely impacted should one take place.
Ransomware and Third-Party Attacks
The dangers and consequences of ransomware attacks have dominated news headlines: The FBI logged 2,474 ransomware complaints in 2020, with losses estimated at over $29.1 million.[3] But that's likely a conservative estimate, since many victims never disclose the cost of their ransoms, let alone acknowledge paying them. For example, the FBI recently recovered $2.3 million in cryptocurrency from one cybercriminal organization, which was only part of what was paid in a recent attack. And as the agency pointed out, 'This number does not include estimates of lost business, time, wages, files, or equipment, or any third-party remediation services.'[4]
Protecting organizations against supply chain attacks is a complicated process, especially in a global economy that relies on business partnerships. A typical supply chain may include customers, suppliers and distribution partners, all of which may be connected to the enterprise via digital portals to facilitate agile operations. Each of those connections, however, is also an additional point of attack. A Ponemon Institute report recently found that 74% of organizations that experienced a breach in the last 12 months said it happened because they gave too much privileged access to third parties.[5]
Network access also becomes harder to manage. Alarmingly, the Ponemon study found 54% of organizations don't have a thorough inventory of all the third parties that can access their networks, and they can't identify which ones have access to their most sensitive data.
Riding herd on those users without proper visibility can be impossible, especially when oversight of third parties is split among internal groups such as IT and operations. The Ponemon study found 59% of organizations had no centralized control over third parties with access to their systems.
How to Stop Supply Chain Ransomware Attacks
So how can organizations prevent ransomware attacks that come by way of their supply-chain partners? A few best practices can be helpful.
The Bottom Line
The Kaseya incident this weekend is only the latest in a long string of high-profile ransomware attacks. Ransomware will keep troubling enterprises as cybercriminals become more organized and sophisticated in their schemes, according to the Osterman report. Unfortunately, less than one-third of organizations are confident in their supply-chain partners' ability to recognize that they've been targeted by a phishing email, which puts the entire supply chain at risk. A few best practices, however, can go a long way toward keeping the supply chain protected.
[1] 'Updates Regarding VSA Security Incident,' Kaseya
[2] 'Defense Industry Supply Chain & Security 2021,' BlueVoyant
[3] '2020 Internet Crime Report,' FBI
[4] 'Department of Justice Seizes $2.3 Million in Cryptocurrency Paid to the Ransomware Extortionists Darkside,' Department of Justice
[5] 'A Crisis in Third-party Remote Access Security,' SecureLink/Ponemon Institute
[6] 'The Psychology of Human Error,' Tessian