Supply chain cyber attacks: observations from the frontline
There is no doubt 2020 has been a challenging year for businesses across every element of the supply chain and in all sectors. The bushfires from earlier this year gave way to a far greater disruption in the form of COVID-19. Despite these significant shocks, there is now light at the end of the tunnel for many businesses who have been battered by the twin economic and health crises.
Amid these large-scale crises, unseen risks have been brewing. The recent large-scale cyber-attack on government and businesses by a nation-state actor is one example. These attacks, designed to steal intellectual property and cripple critical infrastructure, demonstrate the looming cyber threat that cannot be ignored.
This attack came on the heels of a significant uptick in cyberattacks by organised crime groups in recent months. These well-publicised attacks, such as the attack on beverages company Lion or the one on Toll Group, have laid bare the weakness of cyber defences.
Nation-states and private actors are increasingly targeting FMCG supply chains and logistics companies. These actors are aware of the disruption an attack can cause, not only to the business in question but also to the operations of multiple businesses that are reliant on its goods and services. Further, e-crime actors have also seen the opportunity to charge high-value ransoms. This has particularly been the case during COVID-19, when all elements of the supply chain have become more vulnerable due to understaffing, social distancing requirements, and increased consolidation.
Australian businesses are yet to understand the severity of the impact a cyber attack can have on a supply chain. For example, McGrathNicol recently fielded questions from a hospitality business that relied on Lion beverages for its supply of milk. The disruption of something as simple as milk supply was not something this business had considered a risk, and as a result it had an impact on the business while it considered alternate and cost-effective supply.
Since the onset of COVID-19, we have observed multiple ways that cyber attackers have evolved their tactics. These attackers have leveraged people’s stresses and anxieties, such as the removal of JobSeeker payments or wanting access to health information, to lure people into clicking malicious links and opening compromised emails. Recently, we have even seen cyber attackers attempt to leverage the Black Lives Matter protest to lure the recipient into reading or viewing a compromised link.
A new ransomware tactic is the provision of tools that purport to remove ransomware the attackers themselves have installed. Businesses that are impacted by a ransomware attack will often look for an option to recover in a way that doesn’t involve paying a ransom. We have seen tools made available on the internet, allegedly by security firms or law enforcement, that claim to be able to unlock files which have been locked in the attack. When people download and use the software, they inevitably find themselves in a position of having to pay a double ransom – one from the initial ransomware attack and another for the double encryption that has occurred from the installation of the new software, which is in fact ransomware.
Cyber criminals are also becoming much more strategic and considered in their approach. Rather than a smash-and-grab attack, criminals are becoming more patient. For example, a threat actor can have access to a business’ network for months and will weigh up when to act in an effort to cause the most damage to its reputation and financial position.
Despite the increasing threat, it is evident that cyber attackers have been able to adapt their tactics quicker than businesses have been able to keep up. IT departments are still reactive, meaning they will seek to defend, defeat and deal with the consequences of an attack, but are lagging on strategies for active prevention.
What should businesses do?
As cyberattacks become increasingly sophisticated, businesses need to think beyond traditional approaches to keep their networks safe.
- Review security software: Fewer organisations are falling victim to a virus or a piece of malware. Rather, we are now seeing people falling victim to other people. An attacker will work their way around your system, regardless of your software. Therefore, organisations should be looking at reputable security solutions that include behavioural analytics, which use AI technology to identify threats through changes in behaviour, rather than relying on software that is programmed to look for generic triggers.
- Ensure you have the right solution for your business: Smaller businesses tend to rely on what someone sells them. It is crucial that an independent assessment of your business’ needs and network is undertaken to ensure you have the right tools and systems to protect your business. Attackers are becoming accustomed to tailoring their tactics for specific targets, and generic one-stop-shop software will no longer cut it.
- Delineate between IT and Security: Many people still think that IT and Security are the same thing. Each department has different skillsets and requirements, and it is crucial that organisations define these roles, so that a strong and qualified security team is in place to monitor networks around the clock and ensure everything is safe, protected, and reliable. This is no different to security teams monitoring health and safety issues outside of technology. Many businesses outsource these roles, and often having two service providers, one for IT and another for security, offers a balanced approach.
- Effectively communicate: When supply chains are attacked, companies begin to review and reconsider contracts they have with their suppliers and their rights under those contracts. Clear, fast, and consistent communication with all stakeholders reliant on the supply chain regarding what is happening, what it means and how it impacts them is crucial to remediation and recovery.
Darren Hopkins, partner at McGrathNicol Advisory.