By: Justin Fier, Director of Cyber Intelligence & Analytics at Darktrace
Consumers rely on their trusted retailers and shipping providers during the holiday season more than any other time of year. Whether shipping packages across the country or purchasing a gift online, consumers expect presents to reach their recipients on time.
With this retail congestion on the horizon, attackers will leverage cyber vulnerabilities in the supply chain to maximize business disruption for affected companies.
In a recent alert, the U.S. Cyber and Infrastructure Security Agency documented an observed increase in “highly impactful” attacks, particularly ransomware, during holidays and weekends. In the case of ransomware – now the top cybersecurity concern facing businesses – an alarming 76 percent of infections occur out of regular working hours and during weekends.
Examples like Solar Winds and Kaseya demonstrate the trend of these out-of-hours attacks. Solar Winds revealed its breach last December, and hackers attacked Kaseya during the weekend of U.S. Independence Day.
The rise in supply chain attacks dictates the need for cyber defense
Supply chain attacks like Solar Winds and Kaseya demonstrate the efficacy of sophisticated malicious actors to target a single organization and inflict maximum damage. They have a wide attack surface: compromising a single vendor can provide access to the third-parties vendors in its supply chain. From the Target breach to the Stuxnet computer worm, it is undeniable that several of the most significant cyber-attacks of recent history occurred through supply chain vulnerabilities.
And this is only going to increase.
Even as Canadian organizations begin to prioritize their own cybersecurity toolbox, the supply chain is largely a security blind spot for too many organizations – and an easier way into a digital infrastructure for attackers.
Attackers can leverage double extortion ransomware where they exfiltrate data and encrypt files. They can also employ triple extortion ransomware, doubly extorting the victim organization and extorting related third parties or customers, demanding a ransom to keep exfiltrated data private.
Attackers seeking to compromise a business and its supply chain may even leverage holiday distractions to gather information on employees. Using social media, hackers can craft targeted phishing emails and messages to breach their respective businesses. When these companies are major retailers and food suppliers, any disruption to operations ahead of a holiday prompts potential supply chain disruption. The recent ransomware attack on Ferrara Candy in the weeks before Halloween exemplified how consumers’ access to holiday goods could be in jeopardy if cyber-attackers target a supplier.
IT and security teams need support
As organizations close for the holidays and IT and security teams take much-needed vacations to spend time with loved ones, businesses become more vulnerable to cyber-attacks. Without a security tool that can detect and autonomously respond to these threats and isms solutions to protect sensitive data, organizations become vulnerable. When security teams are away, organizations need security tools to disrupt malicious activity to buy them time to remediate the threat.
In the event of a breach, AI can also triage and investigate malicious activity across the entire digital environment. This ability to augment the human security team allows them time to address the incident. Even when inundated with threats and holiday congestion or operating with only a portion of the security teams, businesses can trust AI to actively protect their organizations from cyber threats. An updated security posture will be the difference between staying ahead of attackers and falling behind.
Ample security needed across all participating supply chain members
While these organizations need to understand the present risks and prioritize investing in security tools that support their team during peak periods, it is not enough for a business to focus on its own security alone. As seen in the attacks on SolarWinds and Kaseya, attackers can compromise organizations through even their most trusted suppliers.
Businesses and their CISOs must also hold third-party vendors and partners to the highest security standards and ensure they also invest in exemplary cybersecurity tools. Building business resilience throughout an organization’s supply chain is the only way to stay ahead of attackers and ensure consumers, business owners, and security teams can rest easy and enjoy the holiday season.
Justin Fier Author Bio
Justin Fier is one of the U.S.’s leading cyber intelligence experts and holds the position of Director for Cyber Intelligence & Analytics at Darktrace. With over 10 years of experience in cyber defense, Justin has supported various elements in the U.S. intelligence community, holding mission-critical security roles with Lockheed Martin, Northrop Grumman Mission Systems, and Abraxas. Justin is also a highly-skilled technical specialist and works with Darktrace’s strategic global customers on threat analysis, defensive cyber operations, protecting IoT, and machine learning.