Ransomware
How complex supply chains could be exposing your organisation to ransomware risk
Global ransomware losses are now measured in the billions of dollars. That’s bad news for everyone except for the threat actors themselves, and the hostile states that shelter them. In fact, a fifth of organisations claim that historic cyber-attacks have brought them to the brink of bankruptcy. Finding a way to mitigate the risk of compromise has therefore become an urgent job for IT and business leaders alike. Increasingly, this means focusing on security gaps in the supply chain.
New research from Trend Micro lays bare the challenge. It reveals that some 90% of global IT leaders believe their partners and customers are making their own organisation a more attractive ransomware target. Tackling third-party risk could secure some quick wins for those looking to take on the bad guys.
Why supply chain security matters
Modern supply chains are complex networks spanning digital and physical worlds. Typical examples are professional services firms like lawyers and auditors, and IT software and hardware providers. Increasingly today, organisations also build their own software using an extensive supply chain of open source providers, which can create complex dependencies that are hard to unravel if vulnerabilities are discovered. Witness the global panic stemming from the Log4Shell exploit.
With ransomware, CISOs are up against a formidable adversary. Some of the most aggressive groups can compromise scores of victims in just weeks thanks to a growing list of talented affiliates who use off-the-shelf service offerings and initial access brokers (IABs) to optimise their efforts. Relentlessly focused on profit, they’re always looking for quick wins and new revenue opportunities. Supply chains are an obvious candidate for attack. In fact, 52% of the global respondents we spoke to said at least one of their suppliers has been hit by ransomware in the past, potentially putting their own systems at risk of compromise.
Threat actors could target supply chains in a number of ways:
- Compromising suppliers which store sensitive information on their clients, such as law firms
- Compromising suppliers in a “stepping stone” attack to gain network access to their partner’s IT environment
- Planting vulnerabilities or malware upstream in open source code repositories, in order to compromise large numbers of downstream users
- Attacking an IT software supplier in a bid to push out ransomware to all of its clients via updates
Visibility and control
The best way for CISOs to wrest the initiative back from these adversaries is to better understand the scale and extent of their supply chains. Once these are comprehensively mapped, and risk assessments performed on each supplier, work can begin on making sure they meet minimum baseline security standards.
Ideally, organisations should mandate the same high security standards they apply internally. Multi-factor authentication and least-privilege access, network segmentation, comprehensive preventative controls, and XDR for rapid detection and response should come near the top of any to-do list. Attack surface management (ASM) tools are also a good idea, as they can help organisations understand exactly where they are exposed.
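The open-source dependency point above (complex dependencies that are hard to unravel when a flaw like Log4Shell surfaces) and the advice to map the supply chain and assess each supplier against a baseline can be made concrete for the software side of the chain. The following is an added example, not code from Trend Micro or from the post: it reads a constructed CycloneDX-style SBOM, flags components below an assumed minimum-version policy, and traces each finding back through the dependency graph to the direct dependency (the "supplier") that introduced it. The SBOM, the component names and the version floor in the policy table are all constructed for illustration.

```python
"""Map a software supply chain from an SBOM and flag components that miss a
minimum-version baseline, tracing each finding back to the direct dependency
that pulled it in. Added example; the SBOM and policy below are constructed."""
import json
from typing import Dict, List, Tuple

# Constructed CycloneDX-style SBOM fragment (not a real product's SBOM).
SBOM_JSON = r'''
{
  "components": [
    {"bom-ref": "app", "name": "order-service", "version": "3.2.0"},
    {"bom-ref": "pkg:maven/com.example/report-lib@1.4.0", "name": "report-lib", "version": "1.4.0"},
    {"bom-ref": "pkg:maven/org.apache.logging.log4j/log4j-core@2.14.1", "name": "log4j-core", "version": "2.14.1"},
    {"bom-ref": "pkg:maven/com.example/http-client@5.0.2", "name": "http-client", "version": "5.0.2"},
    {"bom-ref": "pkg:maven/org.apache.logging.log4j/log4j-core@2.17.1", "name": "log4j-core", "version": "2.17.1"}
  ],
  "dependencies": [
    {"ref": "app", "dependsOn": ["pkg:maven/com.example/report-lib@1.4.0", "pkg:maven/com.example/http-client@5.0.2"]},
    {"ref": "pkg:maven/com.example/report-lib@1.4.0", "dependsOn": ["pkg:maven/org.apache.logging.log4j/log4j-core@2.14.1"]},
    {"ref": "pkg:maven/com.example/http-client@5.0.2", "dependsOn": ["pkg:maven/org.apache.logging.log4j/log4j-core@2.17.1"]}
  ]
}
'''

# Constructed baseline policy: minimum acceptable version per component name.
# The log4j-core floor is an assumed policy value chosen for this example.
BASELINE = {"log4j-core": "2.17.1"}


def parse_version(v: str) -> Tuple[int, ...]:
    """Numeric-only comparison: '2.14.1' -> (2, 14, 1). Suffixes such as '-rc1' are dropped."""
    core = v.split("-")[0]
    return tuple(int(p) for p in core.split(".") if p.isdigit())


def build_graph(sbom: dict) -> Tuple[Dict[str, dict], Dict[str, List[str]]]:
    """Index components by bom-ref and build the dependency adjacency list."""
    comps = {c["bom-ref"]: c for c in sbom["components"]}
    edges = {d["ref"]: list(d.get("dependsOn", [])) for d in sbom.get("dependencies", [])}
    return comps, edges


def find_paths(edges: Dict[str, List[str]], start: str, target: str, path=None) -> List[List[str]]:
    """All dependency paths from start to target (depth-first search over the graph)."""
    path = (path or []) + [start]
    if start == target:
        return [path]
    out = []
    for nxt in edges.get(start, []):
        if nxt not in path:  # guard against cycles in a malformed SBOM
            out.extend(find_paths(edges, nxt, target, path))
    return out


def check_baseline(sbom_json: str, root: str, baseline: dict) -> List[dict]:
    """Return one finding per component below its policy floor, with the
    direct dependencies that introduced it and the full paths from the root."""
    sbom = json.loads(sbom_json)
    comps, edges = build_graph(sbom)
    findings = []
    for ref, c in comps.items():
        floor = baseline.get(c["name"])
        if floor is None or parse_version(c["version"]) >= parse_version(floor):
            continue
        paths = find_paths(edges, root, ref)
        findings.append({
            "component": f'{c["name"]}@{c["version"]}',
            "minimum": floor,
            # the direct dependency (the "supplier" from the root's point of view)
            "introduced_by": sorted({comps[p[1]]["name"] for p in paths if len(p) > 1}),
            "paths": [" -> ".join(comps[r]["name"] for r in p) for p in paths],
        })
    return findings


if __name__ == "__main__":
    for finding in check_baseline(SBOM_JSON, "app", BASELINE):
        print(finding)
```

Run stand-alone, the script reports only the out-of-policy log4j-core copy and shows that it arrived via report-lib, not via http-client (which ships a compliant version). That distinction is what a team needs when deciding which supplier to chase for a fix; a flat list of components would not give it. In a real pipeline the policy table would be fed from vulnerability advisories rather than hand-written, and the same path-tracing logic applies to any SBOM that records its dependency graph.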
Even better, source ASM and threat prevention, detection and response from the same vendor. That’s the value of Trend Micro One, which helps to eliminate the coverage gaps and high maintenance costs associated with running point solutions, while enhancing the productivity of security teams. Finally, don’t forget to share all the insight these tools generate with partners and suppliers.
We found that only 47% of organisations share knowledge about ransomware attacks with their suppliers, while 25% say they don’t share potentially useful threat information with partners. Threat actors are past masters at collaborating to drive successful outcomes. Security leaders should take note.
Learn more about why supply chain security could hold the key to reducing ransomware risks.
Talk to us and find out how we work with organisations and their supply chains to protect them from ransomware attacks at DTX Europe, London 12th-13th October 2022, Stand C64.