As time goes on and more attacks make the headlines, ransomware, and its associated costs, are becoming better understood by industry leaders. Another avenue of cyber vulnerability that has been making headlines recently is the supply chain, where a cyber attack against one organisation can have damaging effects on its clients, or even on its own suppliers. This post details how the two can combine, and how that may affect your business if the necessary preparation is not in place.

What is ransomware?

Ransomware is a form of malware that can affect either an individual or an organisation. An attacker plants malware on a computer, or network of computers, that, when triggered, encrypts all vital data on the machine and in some cases steals sensitive information. The attacker then demands a ransom in exchange for decrypting the machines and not leaking sensitive information that could damage the company or its customers.

In some cases, paying the ransom results in regaining control of machines. In others, the ransom might be paid and the attackers simply take the money and cease contact. In either case, the expense to the business can be extraordinarily high, and if sensitive data has been taken, there is no guarantee about what will be done with it, whether the ransom is paid or not.

What are supply chain attacks?

Supply chain attacks involve attackers gaining access to a company’s network or data via a vulnerability in another company’s infrastructure further up the supply chain. For example, if you host data in the cloud, and the cloud service is breached, your data may become exposed.

However, you don’t have to be directly impacted by a cyber attack further up the supply chain in order to feel the impact. If an organisation further up your supply chain is hit by an incident and cannot fulfil its usual service, this could affect any business that organisation works with. Costs could be incurred further down the supply chain as other arrangements have to be made, and business may be lost due to the unavailability of materials or resources.

How are they linked?

Many companies have a better understanding of how ransomware can affect their business directly, but there are a number of ways the supply chain can come into the picture.

Firstly, even without any direct cyber impact at all, a ransomware attack on the supply chain could cause serious issues for the targeted company’s customers. Infosecurity Magazine reported recently on a UK logistics firm that was forced to enter administration after finding it impossible to recover from a ransomware attack.

While the damage to the targeted firm is devastating, the effect on its customers cannot be ignored. Most of these organisations will now have to find new suppliers, which will cost money and take time. There may even be an impact on supply to their own customers while they set up a new delivery regime.

Secondly, a business’s supply chain could be the vector by which it becomes a victim of ransomware itself. While companies can take appropriate action to protect their own networks and infrastructure, a supplier who has access to their systems could be a chink in the armour.

In July 2023, a vulnerability in Progress Software’s MOVEit file transfer software led to the infection of multiple client businesses with ransomware. The victims were from a variety of industries, including banks and universities. More than 2000 companies may have been affected by the spate of attacks.

The attacks resulted in multiple lawsuits against a number of the organisations involved, demonstrating that protecting your own systems against ransomware is not enough to prevent you from falling victim to it via the supply chain.

Mitigations

It is imperative that due diligence is performed when taking on new suppliers, and a thorough review of current suppliers’ systems and processes should be undertaken. Additionally, auditing what data you are entrusting to third-party organisations is an important step, followed by a risk assessment of a potential breach of that data.

GSA Global can help with assessing your data exposure and calculating associated risks, along with technical assurance of your own applications and infrastructure to help reduce the likelihood of falling victim to ransomware through vulnerabilities in your own systems, or those of your suppliers.