Supply chain attacks awareness tips

Hear from our tech team on how to enhance your awareness of supply chain attacks and safeguard your business proactively.

Supply chain attacks, once considered a rare occurrence, have now become a persistent threat that pose a significant risk to businesses worldwide.

We recently asked our tech team about the common mistakes that companies make, which puts them at risk of such attacks. But It’s not all doom and gloom! We’re here to arm you with the knowledge and strategies to defend against these threats.

Read what our tech team had to say about Supply chain attacks…

Headshot of Zak Clifford, Senior Penetration Tester at Cognisys.

“Are the staff well-trained? Do they utilise password managers? Are they well-versed in personal security and ensure MFA is enabled everywhere? You could have all the bells and whistles of security implemented for staff and technology, but it takes just one contractor’s login—where MFA isn’t enabled and a weak password, shared throughout the third-party company—to create a gaping hole in your network”

Zak Clifford, Senior Penetration Tester

Headshot of Ned Roscoe, Junior Security Analyst at Cognisys

Supply chain attacks are typically orchestrated by state actors or APTs with ample resources, often timed strategically during events like Christmas or Chinese New Year when people are relaxed and their guard is down. During my time managing networking at an MSP, I found myself dealing with the aftermath of incidents like log4j and SolarWinds breaches during Christmas and bank holidays, across numerous companies. The repetition and panic from staff became exhausting.”

Ned Roscoe, Junior Security Analyst

Headshot of Punit Sharma, Application Security Consultant at Cognisys

“A supply chain attack like the recent XZ Utils breach, CVE-2024-3094, underscores the fragility of digital trust. It’s a stark reminder that security is everyone’s concern, especially in open-source communities. This incident highlights how a simple oversight can endanger critical systems, stressing the need for constant vigilance and collaborative cyber security efforts.”

Punit Sharma, Penetration Tester

Headshot of Soham Bakore, Cyber Security Analyst at Cognisys

“Supply chain attacks breach multiple organisations via suppliers’ networks. To protect your organisation, consider including limiting network access, multi-factor authentication, network segmentation, monitoring solutions, source verification, securing update servers, software inventories, vendor security assessments, and endpoint detection.”

Soham Bakore, Security Consultant

Headshot of Chahat Mundra, Cyber Security Analyst at Cognisys

These attackers exploit vendor vulnerabilities, granting access to networks, compromising privacy, and disrupting operations. Stay proactive: monitor third-party software installations, integrate your supply chain into cyber management, and control critical data access. Ensure vendors properly delete data post-contract termination to mitigate security risks.”

Chahat Mundra, Cyber Security Analyst

Subscribe to receive the latest cyber insights

RECENT UPDATES

The biggest cyber attacks and vulnerabilities of April 2024

NEWS

The biggest cyber attacks and vulnerabilities of April 2024

Insights and trends from recent cyber threats and vulnerabilities from April.

Cognisys gains CREST OVS certification

WINS

Cognisys gains CREST OVS certification

The CREST OVS Penetration Testing Services, offered by Cognisys, aim to uncover vulnerabilities and weaknesses within both web and mobile applications, allowing clients to address them proactively.

Quix case study

CASE STUDIES

0-300mph ISO 27001 at F1 speed: Quix’s success story

Learn how Quix teamed up with Cognisys for their ISO 27001 certification, overcoming challenges through strategic collaboration for compliance and success.