Page 26 - Cyber Defense eMagazine April 2021 Edition

          There has been a major supply chain breach in the last year. This was the now infamous
          SolarWinds hack. Many managers now wonder what they can do to defend themselves. The
          recommendation is to assume that a breach has already occurred. One should also utilize a
          defense-in-depth strategy to reduce vulnerability to attacks.

          Supply Chain Attacks

          Cybercriminals have become savvy to typical perimeter-focused defense strategies and are finding ways
          around them. One of these cunning methods of attack is called the supply chain attack.

          This happens when the attack vector is hidden in something that has permitted access. Perhaps it has
          already infiltrated the permitted software, or perhaps it was intentionally attached. These threats can sneak
          through in software, software updates, service providers, or hardware.


          The aforementioned SolarWinds hack is a great example of a supply chain attack. Late last year FireEye, a
          cybersecurity company, discovered and announced news of a cyber breach. FireEye was not, however, the
          first or the only company to fall victim to this attack.

          Roughly 18,000 SolarWinds customers suffered after downloading a software update. This list
          includes multiple Fortune 500 companies and over 250 federal agencies. Damages include breached
          confidential data and data theft.

          The original attack occurred long before this time, when the SolarWinds software was
          first corrupted, but it went undetected. What makes this a supply chain attack is how the
          malware spread: it was distributed and installed by customers of the targeted company.

          A Zero Approach

          A zero approach, or zero-trust approach, is a security approach in which no software,
          hardware, person, or other potential threat carrier is trusted. It doesn’t matter whether something comes from
          internal or external sources. Everyone and everything must be thoroughly checked
          before being allowed to access network resources. Nothing is privileged.

          Without privileged parties, supply chain attacks are far less likely to succeed. Consider if the
          SolarWinds software update had undergone authentication procedures before being installed. The impact of
          the attack could potentially have been contained.

          Ensuring that nothing is taken for granted may end up saving your business. The additional security of a zero
          approach could protect you from supply chain attacks. This could save your business from the likes of data
          breaches and ransomware attacks.























                   Copyright © 2021, Cyber Defense Magazine.  All rights reserved worldwide.