Organizations are only as strong as the weakest link in their supply chains. This means that when it comes to protecting your organization from attackers, you don’t just have to consider your own security – you also have to consider how potential attackers could try to gain access to your employees’ accounts from inside your supply chain.
90% of organizations have experienced security incidents caused by supply chain weaknesses. Furthermore, 50% of security incidents and data breaches involved stolen credentials, and there has been a 30% increase in stolen credentials in the last five years.
If one of your vendors is vulnerable to phishing attacks and one of its email accounts is taken over by an outside source, these threats can quickly spread to your organization.
SolarWinds – a lesson in supply chain compromise
Nothing highlights our dependence on effective supply chains like an attack on one. Supply chains are often complex, with many different suppliers and organizations involved. Their complexity can make them especially vulnerable, and it can often take a long time for business leaders to notice supply chain compromise. Over the past few years, there have been several high-profile supply chain attacks.
Perhaps the most well-known supply chain attack is the 2020 SolarWinds hack, which stands out as one of the biggest cybersecurity breaches of the 21st century. The attack involved SolarWinds’ Orion system, an IT management tool that the attackers used to plant malicious code to grant them access to over 18,000 networks. Affected organizations included NASA, the US State Department, and the US Department of Defense.
Attackers gained access to the system in September 2019, and the attack was not publicly discovered or reported until December 2020. This suggests that attackers likely had 14 or more months of unrestricted access to SolarWinds’ customer information technology systems.
SolarWinds was the ideal target for a supply chain attack because organizations worldwide use its software. The attackers simply installed malicious code into SolarWinds’ software, which its customers distributed and installed.
Supply chain compromise can spread fast
More recently, in 2021, IT management software company Kaseya fell victim to a supply chain attack when attackers used a vulnerability in the organization’s virtual system administrator (VSA) software to send ransomware.
While the initial attack was reported to affect “fewer than 60 direct clients,” the attack also affected a further 1,500 businesses supported by these clients. This demonstrates how quickly supply chain attacks can spread and how they can affect organizations that were not directly involved in the initial breach.
Supply chain attacks can be difficult to spot, so they can spread rapidly via email. Many organizations rely solely on secure email gateways (SEGs) to protect them from attackers, which struggle to detect phishing emails coming from trusted sources such as vendors. SEGs are often ineffective in preventing supply chain attacks because they do not apply zero-trust to treat every email as suspicious.
Supply chain attacks originate from a trusted domain, and the sender and recipient have an established and trusted relationship, making it too easy for them to slip through traditional email security.
Avoiding supply chain attacks
Supply chain attacks are constantly evolving, so you should also be working to ensure your defenses are capable of detecting sophisticated phishing threats. One of the most effective ways to avoid supply chain attacks is through strong email security. This can help your employees to more easily spot signs of impersonation, business email compromise (BEC), and account takeover.
SEGs and Microsoft 365’s native security features offer protection against phishing, thought they alone are not enough to avoid falling victim to sophisticated phishing attacks originating from vendors within your supply chain. Organizations can further increase their security and drastically reduce their level of human-activated risk by using an integrated cloud email security solution (ICES).
Egress Defend is an ICES tool that provides deep analysis of all indicators of suspicion by combining intelligent detection technologies, including machine learning, social graph, and natural language processing techniques. This helps to protect your organization from sophisticated phishing attacks that would otherwise go unnoticed.
Egress Defend also empowers your users and educates them at the point of risk to create real-time teachable moments, so they can understand why emails have been flagged as malicious and avoid falling victim to similar threats in the future.