{"id":43691,"date":"2022-02-16T02:23:40","date_gmt":"2022-02-16T07:23:40","guid":{"rendered":"https:\/\/www.kaspersky.com\/blog\/?post_type=emagazine&#038;p=43691"},"modified":"2022-02-16T02:23:40","modified_gmt":"2022-02-16T07:23:40","slug":"stop-supply-chain-cyberattacks","status":"publish","type":"emagazine","link":"https:\/\/www.kaspersky.com\/blog\/secure-futures-magazine\/stop-supply-chain-cyberattacks\/43691\/","title":{"rendered":"Why cybercriminals love to attack supply chains, and how to stop them"},"content":{"rendered":"<p>The bigger the business, the more suppliers. And as businesses use more and more internet-connected devices like printers, point-of-sale terminals and even air conditioning, cybercriminals have more ways in.<\/p>\n<p>One way to stop cyberattacks is to invest in cyber defenses like software, people and training. Most large enterprises know they could be targets and have prioritized cybersecurity. So, many cybercriminals have turned to compromising smaller businesses that supply larger businesses to get to their real target.<\/p>\n<p>Tomorrow Unlocked\u2019s video Target the Supply Chain looks at supply chain attacks and how to prevent them, with supply chain attacks expert Eliza-May Austin, CEO and co-founder of\u00a0 <a href=\"https:\/\/th4ts3cur1ty.company\/\" target=\"_blank\" rel=\"noopener nofollow\">th4ts3cur1ty.company<\/a> (That Security Company.)<\/p>\n<h2>What is a supply chain attack?<\/h2>\n<p>A supply chain cyberattack is when cybercriminals compromise a smaller supplier of a larger business, intending to eventually attack the larger business. 
These attacks aren\u2019t new, but <a href=\"https:\/\/www.kaspersky.com\/blog\/secure-futures-magazine\/supply-chain-attack-evolution\/32165\/\" target=\"_blank\" rel=\"noopener nofollow\">they\u2019re becoming more common and harder to detect<\/a>.<\/p>\n<p>In Target the Supply Chain, Austin explains how cybercriminals stole 40 million people\u2019s card details from US retail giant Target. It started when an employee at Target\u2019s air conditioning supplier clicked a link in a <a href=\"https:\/\/www.kaspersky.com\/resource-center\/preemptive-safety\/phishing-prevention-tips\" target=\"_blank\" rel=\"noopener nofollow\">phishing<\/a> email, which injected malware into the supplier\u2019s system.<\/p>\n<blockquote><p>Target had remote access to monitor their air conditioning units, and that remote access was through the same network where cybercriminals could access personal data from point-of-sale devices. The attack cost Target some 61 million US dollars.<\/p>\n<\/blockquote>\n<p>In 2017, <a href=\"https:\/\/www.kaspersky.com\/about\/press-releases\/2017_shadowpad-how-attackers-hide-backdoor-in-software-used-by-hundreds-of-large-companies-around-the-world\" target=\"_blank\" rel=\"noopener nofollow\">Kaspersky researchers found a \u2018backdoor\u2019 in the server management software<\/a> used by hundreds of large businesses. When activated, the backdoor let attackers steal data. Researchers notified the supplier, NetSarang, which pulled down the compromised software and replaced it with a clean version.<\/p>\n<p>Sometimes, there is no clean version. Noushin Shabab, Senior Security Researcher at Kaspersky, says supply chain attacks can start in software development. \u201cCyberattackers can compromise software by getting inside software used by developers. 
That way, malicious code can end up on many businesses\u2019 networks.\u201d<\/p>\n<h2>How to protect against supply chain attacks<\/h2>\n<p>Austin\u2019s start-up works with suppliers to larger corporations to \u2018harden\u2019 (better protect) their whole supply chain from attack. She says, \u201cWe can prevent about 80 percent of attacks with basic cyber-hygiene. Make sure your software and hardware is up-to-date. Limit your \u2018attack surface\u2019 \u2013 if something needn\u2019t be online, don\u2019t put it online. Audit passwords, making sure they\u2019re complex. Have two-factor authentication. Employees can be the weakest link in a company, but with good <a href=\"https:\/\/www.kaspersky.com\/blog\/secure-futures-magazine\/security-awareness-behavioral-psychology\/37285\/\" target=\"_blank\" rel=\"noopener nofollow\">cybersecurity training<\/a>, they can be the strongest.\u201d<\/p>\n<p><a href=\"https:\/\/www.kaspersky.com\/blog\/ccleaner-supply-chain\/21785\/\" target=\"_blank\" rel=\"noopener nofollow\">Threat hunting also helps prevent supply chain attacks<\/a>. Kaspersky\u2019s Nikolay Pankov says, \u201cA sophisticated targeted attack can implant malware and stay under the radar for a long time. To prevent those attacks, you need experienced threat hunters.\u201d As getting these skills in-house can be challenging at the best of times, using a <a href=\"https:\/\/www.kaspersky.com\/enterprise-security\/targeted-attack-discovery\" target=\"_blank\" rel=\"noopener nofollow\">targeted attack discovery service<\/a> is a good option for businesses of all sizes.<\/p>\n<p>Cybercriminals are nothing if not flexible and adaptable. They\u2019ve adapted to growing cybersecurity awareness in enterprises by compromising smaller suppliers. 
But by using their growing cybersecurity awareness, larger companies can protect themselves even more by looking further afield and working with their smaller suppliers to protect both businesses.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Big businesses are often cybersecurity savvy, so cybercriminals have started attacking them through smaller suppliers. But there are ways to stop it.<\/p>\n","protected":false},"author":2552,"featured_media":43692,"template":"","coauthors":[3673],"class_list":{"0":"post-43691","1":"emagazine","2":"type-emagazine","3":"status-publish","4":"has-post-thumbnail","6":"emagazine-category-data-and-privacy","7":"emagazine-category-enterprise-cybersecurity","8":"emagazine-category-trends","9":"emagazine-tag-supply-chain-attacks"},"hreflang":[{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/secure-futures-magazine\/stop-supply-chain-cyberattacks\/43691\/"}],"acf":[],"_links":{"self":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/emagazine\/43691","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/emagazine"}],"about":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/emagazine"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/2552"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/43692"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=43691"}],"wp:term":[{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/coauthors?post=43691"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}