{"id":43446,"date":"2023-08-26T07:52:34","date_gmt":"2023-08-26T11:52:34","guid":{"rendered":"https:\/\/www.kaspersky.com\/blog\/?post_type=emagazine&#038;p=43446"},"modified":"2023-10-20T04:52:54","modified_gmt":"2023-10-20T08:52:54","slug":"supply-chain-attacks-austin","status":"publish","type":"emagazine","link":"https:\/\/www.kaspersky.com\/blog\/secure-futures-magazine\/supply-chain-attacks-austin\/43446\/","title":{"rendered":"How your air conditioning could start a cyberattack"},"content":{"rendered":"<p>Many big businesses know they could be cybercrime targets and invest in defenses like software and training. That\u2019s why cybercriminals are increasingly attacking through smaller suppliers who don\u2019t have the same knowledge and resources. It\u2019s called a supply chain attack.<\/p>\n<p>In Tomorrow Unlocked\u2019s second episode in the hacker:HUNTER Behind the Screens series, Eliza-May Austin, CEO and co-founder of <a href=\"https:\/\/th4ts3cur1ty.company\/\" target=\"_blank\" rel=\"noopener nofollow\">th4ts3cur1ty.company<\/a> (That Security Company,) explains how US retail giant Target was attacked through a most unexpected device \u2013 the air conditioning.<\/p>\n<p><span class=\"embed-youtube\" style=\"text-align:center; display: block;\"><iframe class=\"youtube-player\" type=\"text\/html\" width=\"640\" height=\"390\" src=\"https:\/\/www.youtube.com\/embed\/b8EQ38foXLU?version=3&amp;rel=1&amp;fs=1&amp;showsearch=0&amp;showinfo=1&amp;iv_load_policy=1&amp;wmode=transparent\" frameborder=\"0\" allowfullscreen=\"true\"><\/iframe><\/span><\/p>\n<p>We ask Austin how businesses can prepare for supply chain attacks and how she thinks things are going for women in cybersecurity careers.<\/p>\n<p><strong>In Tomorrow Unlocked\u2019s Hacker: HUNTER Behind the Screens video, you talk about the <\/strong><a href=\"https:\/\/www.youtube.com\/watch?v=b8EQ38foXLU\" target=\"_blank\" rel=\"noopener nofollow\"><strong>supply chain attack on Target in 2013<\/strong><\/a><strong>. Why is this attack so important?<\/strong><\/p>\n<p>Businesses must work with other businesses, which makes us all susceptible to a certain degree of risk. Take an airplane, for example. To go from concept to in the air involves hundreds of businesses, contractors and applications. It takes just one breach to compromise that trusted ecosystem. It\u2019s something we should all take seriously.<\/p>\n\t\t\t<div class=\"c-promo-product\">\n\t\t\t\t\t\t\t<a href=\"https:\/\/www.kaspersky.com\/blog\/secure-futures-magazine\/right-it-testing-solution\/36262\/\" class=\"c-promo-product__figure\">\n\t\t\t\t\t<img decoding=\"async\" width=\"500\" height=\"500\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2022\/01\/25092410\/Security_Assessment-500x500-1.png\" class=\"attachment-card-default size-card-default\" alt=\"\" data-src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2022\/01\/25092410\/Security_Assessment-500x500-1.png\" data-srcset=\"\" srcset=\"\">\t\t\t\t<\/a>\n\t\t\t\t\t\t<article class=\"c-card c-card--link c-card--medium@sm c-card--aside-hor@lg\">\n\t\t\t\t<div class=\"c-card__body  \">\n\t\t\t\t\t<header class=\"c-card__header\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t<p class=\"c-card__headline\"> Test your infrastructure<\/p>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<h3 class=\"c-card__title \"><span>Which security testing?<\/span><\/h3>\n\t\t\t\t\t\t\t\t\t\t\t<\/header>\n\t\t\t\t\t\t\t\t\t\t\t<div class=\"c-card__desc \">\n\t\t\t\t\t\t\t<p>Four types of security testing and when to use them.<\/p>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<div class=\"c-card__aside\">\n\t\t\t\t\t<a href=\"https:\/\/www.kaspersky.com\/blog\/secure-futures-magazine\/right-it-testing-solution\/36262\/\" class=\"c-button c-card__link\" target=\"_blank\" rel=\"noopener nofollow\">Read more<\/a>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t<\/article>\n\t\t<\/div>\n\t\n<p><strong>Your business <\/strong><a href=\"https:\/\/th4ts3cur1ty.company\/\" target=\"_blank\" rel=\"noopener nofollow\"><strong>th4ts3cur1ty.company (That Security Company)<\/strong><\/a><strong> helps companies large and small harden their supply chains. How do you do that?<\/strong><\/p>\n<p>There are many things businesses can do to defend against supply chain attacks. For example, we run <a href=\"https:\/\/www.kaspersky.com\/blog\/secure-futures-magazine\/right-it-testing-solution\/36262\/\" target=\"_blank\" rel=\"noopener nofollow\">penetration testing<\/a>, consult on governance, risk and compliance and importantly, logging, monitoring and vulnerability management.<\/p>\n<p><strong>Are businesses becoming more aware of supply chain attacks and responding appropriately?<\/strong><\/p>\n<p>I can\u2019t confidently say <em>yes<\/em>, which is why I\u2019m vocal on the issue.<\/p>\n<blockquote><p>I come across companies with little need for concern who spend too much defending against every possible scenario. On the flip side, some don\u2019t think considering these risks should be on their to-do list at all.<\/p>\n<\/blockquote>\n<p>I recently asked a small-to-medium company (SMB) that supplies services to the medical sector if they\u2019d considered how an attack would impact their clients\u2019 security. I was met with such bemusement you\u2019d think I\u2019d asked for a sandwich.<\/p>\n<p><strong>What\u2019s the most common problem making businesses vulnerable to supply chain attacks?<\/strong><\/p>\n<p>Not knowing how prevalent it is. But also, some businesses that do understand the issue\u2019s scale get overwhelmed by it. These attacks aren\u2019t always sophisticated \u2013 simple measures can go a long way.<\/p>\n<p><strong>How did you get into cybersecurity?<\/strong><\/p>\n<p>I moved from a degree in forensic science to a degree in digital forensics, did some internships and the rest is history. You don\u2019t need a degree to be in cybersecurity.<\/p>\n<p><strong>Is the industry giving women equal opportunities to enter and succeed yet?<\/strong><\/p>\n<p>I think this industry, like any, is what you make of it. Cybersecurity is a fantastic career choice for women and should be promoted as such.<\/p>\n<p><strong>What could employers do today to attract and retain more women? <\/strong><\/p>\n<p>I get asked this a lot, so I wrote <a href=\"https:\/\/th4ts3cur1ty.company\/blog\/15-ways-to-attract-more-women-to-your-technical-cyber-security-team\/\" target=\"_blank\" rel=\"noopener nofollow\">15 ways to attract more women to your technical cybersecurity team<\/a>.<\/p>\n<p>I\u2019ve included simple, practical things like considering the physical environment. For example, if employees have to crawl around on the floor to plug in a laptop, that may feel degrading when wearing a skirt.<\/p>\n<p>I also recommend being more open-minded about what kind of people you need:<\/p>\n<blockquote><p>You don\u2019t need to hire people who are \u2018proactive in the industry.\u2019 Some people are introverts and that\u2019s OK. Consider introverts in your interview process. A strong team is a mix of types of people who will respond to interviews differently.<\/p>\n<\/blockquote>\n<p><strong>What is <\/strong><a href=\"https:\/\/podcasts.apple.com\/us\/podcast\/ladies-hacking-society-lhs\/id1495166437\" target=\"_blank\" rel=\"noopener nofollow\"><strong>Ladies Hacking Society (LHS)<\/strong><\/a><strong> and why did you found it?<\/strong><\/p>\n<p>LHS is an awesome community of women who come together to learn from one another and teach each other hacking. I wanted to create a technical option for women because I found mixed events were not really mixed (mainly men) whereas women\u2019s events revolved around governance or high-level theory. It\u2019s a lot of fun and a great bunch of people.<\/p>\n<p><strong>Which is the most important lesson from your <\/strong><a href=\"https:\/\/elizamay-austin.medium.com\/11-leadership-lessons-from-terrible-managers-fede9c332905\" target=\"_blank\" rel=\"noopener nofollow\"><strong>11 leadership lessons from terrible managers<\/strong><\/a><strong>, and why?<\/strong><\/p>\n<p>Lesson 3: A sense of humor matters. People tend to take themselves too seriously. Encouraging people to laugh and joke does wonders for team morale and gets people through stressful times. Let\u2019s all calm down and have a giggle.<\/p>\n<p>\u00a0<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Cybersecurity expert Eliza-May Austin finds many businesses are oblivious to cyber-risks in their supply chain. She tells us how she\u2019s changing mindsets.<\/p>\n","protected":false},"author":2552,"featured_media":43452,"template":"","coauthors":[3673],"class_list":{"0":"post-43446","1":"emagazine","2":"type-emagazine","3":"status-publish","4":"has-post-thumbnail","6":"emagazine-category-enterprise-cybersecurity","7":"emagazine-category-safer-business","8":"emagazine-category-women-and-diversity","9":"emagazine-tag-interview","10":"emagazine-tag-retail","11":"emagazine-tag-supply-chain-attacks"},"hreflang":[{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/secure-futures-magazine\/supply-chain-attacks-austin\/43446\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/secure-futures-magazine\/supply-chain-attacks-austin\/26089\/"}],"acf":[],"_links":{"self":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/emagazine\/43446","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/emagazine"}],"about":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/emagazine"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/2552"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/43452"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=43446"}],"wp:term":[{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/coauthors?post=43446"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}