Why CyberSecurity is Critical for Supply Chains
The world is becoming increasingly reliant on technology as a result of digitalization. For organizations, these advancements have created more interconnected and interdependent supply chains; organizations share data with their suppliers and rely on third-party equipment and services to improve productivity. Yet, organizations are now more vulnerable to supply chain cybersecurity threats as each supplier acts as an entry point – directly or indirectly. Research by BlueVoyant found that a concerning 93% of organizations feel the direct impact of a supplier’s security weaknesses. And while there is a general awareness regarding supply chain cyber security threats, few are aware of those related to hardware-based attacks.
The Unique Cyber Vulnerabilities of Supply Chains
Supply chains allow bad actors to launch widespread attacks from a single point, with the SolarWinds and Kaseya attacks being two well-known examples. Supply chain interconnectedness is so sensitive that 97% of organizations have been negatively affected by a cyber security incident occurring in the supply chain, according to BlueVoyant. When it comes to hardware-based attacks, the ability to amass multiple victims from one point of execution is highly appealing. Hardware-based attacks require physical access, meaning, to have multiple victims, the perpetrator must physically enter each entity. Yet, this is very inefficient, challenging, and time-consuming for opportunistic cybercriminals who want maximum reward for minimum effort. The supply chain offers a solution to such predicament by enabling “spray and pray” attacks; compromising just one supplier with a Rogue Device gives the perpetrator multiple victims.
However, not all hardware-based attackers exploiting supply chain cyber security threats are opportunistic; many have a specific target in mind. Often, in such instances, the target is of high value (such as critical infrastructure providers), meaning they are extremely well protected and, thus, difficult to physically breach. Suppliers, on the other hand, may not implement such stringent security measures, leaving them more exposed. The perpetrator, who is usually a state-sponsored actor with advanced resources, will conduct thorough reconnaissance activities to determine the supply chain weak links and, subsequently, gain physical access to one (or more) of the less secure suppliers. From here, the bad actor implants a Rogue Device which executes an attack that, thanks to interconnectedness, impacts the intended target.
How Supply Chains Act as a Pathway for Organizational Threats
Suppliers are not always victims of a hardware-based attack themselves; they might act as a pathway for an attack tool to enter a target organization. Let’s use an example. Assume that a police precinct wants to update all keyboards, mice, and security cameras in the building. Following a cost-benefit analysis, they decide to purchase Logitech keyboards and mice; and Samsung security cameras. These products get assembled along a production line involving several suppliers, moving from point A to B, B to C, etc. At any such point, one or more of the devices can get manipulated by a hardware-based attacker posing as an employee (or by an actual employee acting with malicious intent), who takes the device(s) off the production line and inserts an attack tool inside. The Rogue Device, known as a spoofed peripheral, gets put back in transit. It eventually reaches the precinct and executes an attack.
The Biggest Threats Facing Supply Chains
Exploiting supply chain cyber security threats through hardware-based attacks is highly appealing for malicious actors as Rogue Devices go undetected. Spoofed peripherals impersonate legitimate HIDs, appearing genuine to both humans and security software solutions, such as NAC, EPS, IDS, or IoT Network Security. Just as the former lack x-ray vision, the latter lack Layer 1 visibility – and both are necessary to identify hidden hardware attack tools.
Without Layer 1 visibility, Rogue Devices remain in the entity’s infrastructure, allowing for harmful activity, such as data theft, malware injection, DDoS, MiTM, and more, to take place. Organizations must achieve complete asset visibility to detect any Rogue Devices that may have entered through the supply chain. However, since suppliers are often targets of hardware-based attacks themselves, they, too, must gain Layer 1 visibility to prevent such attacks from exploiting supply chain interconnectedness.
Sepio’s Hardware Access Control (HAC-1) solution provides a panacea to gaps in device visibility to prevent hardware-based attacks from exploiting supply chain cyber security threats. HAC-1’s deep visibility capabilities mean no device goes unmanaged; the solution identifies, detects, and handles all IT/OT/IoT devices. Moreover, HAC-1’s policy enforcement mechanism and Rogue Device Mitigation capabilities instantly block any unapproved or rogue hardware. In doing so, HAC-1 enables a Zero Trust Hardware Access approach, which stops attackers at the first line of defense.
HAC-1 requires no hardware resources and does not monitor any traffic; within 24 hours, we can provide you with complete asset visibility and identify previously undetected rogue or vulnerable devices. Sometimes, what you see is not what you get – it’s time we change that.