05 Feb Is Your Business Under Supply Chain Attack?
You’re only as secure as your partners
New York City, N.Y. – Feb. 4, 2022
One of the primary vectors for cyberattacks is through the supply chain.
Companies work with tons of different suppliers, vendors and other third parties. Whether it’s a key client, a third-party billing partner or the company that supplies your offices’ water cooler, organizations communicate with countless outside companies daily. A supply chain attack (also known as a vendor attack) occurs when the attacker compromises a third party. When a trusted partner gets hacked, all the companies they do business with are at risk.
This risk is real and rising. It made major headlines with the attacks on SolarWinds, Kaseya and Accellion. But it’s not just the major companies that are at risk. It’s everybody.
A survey in Oct. 2021 found that a breach in the supply chain has impacted 97 percent of companies; further, 93 percent said that they suffered a breach due directly to the suppliers’ weaknesses. Making things even more difficult was that breaches (at 37 percent) grew faster than cybersecurity budgets (at 26 percent).
It’s become such a concern that the European Union Agency for Cybersecurity expected a fourfold increase in such attacks, and noted that malware is used in 62 percent of the attacks observed thus far.
This is the new adage: Your security is only as good as your partner’s security.
Let’s take this example from the world of finance. Say a vendor you work with gets hacked by a bad actor. Very easily, that hacker can begin sending invoices that reference strange bank accounts.
Here’s the tricky part: the sending email address will be legit. The standard sender verification checks will pass.
Discerning users can find tell-tale signs that something is amiss in billing terms and fine print. Or, the reply-to address can be different from what you’re used to.
That cyber hygiene from end-users is incredibly important and is always recommended. But it may not be enough.
Or take this more generic example. Company A has been hacked. The hacker is sending emails from their account to scores of companies. When Company A sends an email to Company B, which has supply chain protection, the email is stopped.
This is why it’s incredibly important to secure the supply chain. However, not all supply chain protections are as robust as others.
For the best security, a solution needs to automatically learn a company’s list of suppliers and partners. If you have to upload or maintain a database manually, it is very easy to forget a supplier.
Beyond that, the solution needs to automatically discover the importance of the partner or supplier to an organization, looking at things like traffic patterns, the employees they engage, and more. It needs to be able to assess business volume by looking at all invoices, and then be able to dynamically calculate risk based on the dollar amount. In short, the solution needs to dynamically and automatically assess a company’s entire supply chain risk, and then constantly update and secure it.
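The tell-tale signs from the finance example (an authenticated, legitimate sender whose reply-to address or bank account changes) and the idea of learning suppliers from mail instead of a hand-kept list can be sketched together. This is an added example, not Avanan's code or method; the vendor domains, header values and IBANs are constructed samples, and using the invoice amount as the exposure figure is an assumption.

```python
import re
from email import message_from_string
from email.utils import parseaddr

IBAN_RE = re.compile(r"\b[A-Z]{2}\d{2}[A-Z0-9]{11,30}\b")
AMOUNT_RE = re.compile(r"\$([\d,]+(?:\.\d{2})?)")

def _msg(reply_to, iban, amount):
    # Constructed sample invoice mail from a hypothetical vendor; auth results all pass.
    return ("From: Billing <billing@vendor.example>\n"
            f"Reply-To: {reply_to}\n"
            "Authentication-Results: mx.buyer.example; spf=pass; dkim=pass; dmarc=pass\n"
            f"Subject: Invoice\n\nAmount due: ${amount:,.2f}\nPay to IBAN {iban}\n")

HISTORY = [_msg("billing@vendor.example", "DE89370400440532013000", a) for a in (12000, 18000)]
SUSPECT = _msg("billing@vendor-pay.example", "GB29NWBK60161331926819", 15000)

def features(raw):
    m = message_from_string(raw)
    body = m.get_payload()
    amt = AMOUNT_RE.search(body)
    reply = parseaddr(m.get("Reply-To", m["From"]))[1].lower()
    return {"sender": parseaddr(m["From"])[1].lower(),
            "reply_domain": reply.rpartition("@")[2],
            "ibans": set(IBAN_RE.findall(body)),
            "amount": float(amt.group(1).replace(",", "")) if amt else 0.0,
            "auth_pass": "dmarc=pass" in m.get("Authentication-Results", "").lower()}

def learn(history):
    """Build a per-sender baseline from past mail instead of a hand-kept supplier list."""
    base = {}
    for f in map(features, history):
        b = base.setdefault(f["sender"], {"reply_domains": set(), "ibans": set(), "volume": 0.0})
        b["reply_domains"].add(f["reply_domain"])
        b["ibans"] |= f["ibans"]
        b["volume"] += f["amount"]
    return base

def assess(raw, base):
    """Flag deviations from the baseline; exposure is the invoice amount at stake."""
    f, flags = features(raw), []
    b = base.get(f["sender"])
    if b is None:
        flags.append("unknown-sender")
    else:
        if f["reply_domain"] not in b["reply_domains"]:
            flags.append("new-reply-to-domain")
        if f["ibans"] - b["ibans"]:
            flags.append("new-bank-account")
    return {"auth_pass": f["auth_pass"], "flags": flags,
            "exposure": f["amount"] if flags else 0.0}
```

The suspect message is flagged even though `auth_pass` is true, which is the point of the finance example: sender authentication says nothing about whether the vendor's account is in the right hands.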
You can’t ensure your partners and vendors will be as secure as you are. But you can work to ensure their lapses don’t become yours.
– Gil Friedrich is co-founder and CEO at Avanan.
Avanan is a cloud email security platform that pioneered and patented a new approach to prevent sophisticated attacks. We use APIs to scan for phishing, malware, and data leakage in the line of communications traffic. This means we catch threats missed by Microsoft while adding a transparent layer of security for the entire suite and other collaboration tools like Slack.
Avanan catches the advanced attacks that evade default and advanced security tools. Its invisible, multi-layer security enables full-suite protection for cloud collaboration solutions such as Office 365™, G-Suite™, and Slack™. The platform deploys in one click via API to prevent Business Email Compromise and block phishing, malware, data leakage, account takeover, and shadow IT across the enterprise. Avanan replaces the need for multiple tools to secure the entire cloud collaboration suite, with a patented solution that goes far beyond any other Cloud Email Security Supplement.