Cybersecurity -- Supply Chain Economics

In business school, students learn that supply side economics involves lowering regulations to foster growth. Growth will enable lower prices for consumers and increased prosperity. With manufacturers, they also are in the mindset of increasing efficiencies to lower costs and produce quality goods at lower prices to foster growth for their organization as well as their customers.

Interestingly, this parallel of supply chain economics and supply chain objectives is being used by cyber hacking firms. Early generations of hacking involved one hacker creating malicious code and using it to infiltrate targets of their selection. This method was not very efficient or financially rewarding for hackers. However, as the efficiencies of the internet improved, so have their methodologies. The most current model is called ransomware as a service (RaaS). To have the lowest cost and highest reach of the hacker’s malicious code, they have created a website where they take their product and essentially rent it to any person (distributor) who would like to use it. A distributor “rents” their software and has a full turnkey operation – and, if the renter is successful in penetrating a person or company, they have a revenue share of the bounty. This model is highly organized and creates a widespread distribution at a low cost that can create a maximum financial return. 

Some examples of recent supply chain attacks include the following:

1. The Colonial Pipeline – In this attack, the dark web was used to find credentials that were active and then used to impact the pipeline supply chain for almost one week. (Oil and Gas)
2. JBS – Hackers in this attack infiltrated the predominant meat supplier from Australia and disrupted supply chain activities around the world. It is reported that JBS paid almost $11 million in bitcoin to alleviate the constrictions that were created. (Food)
3. Kaseya – In this recent attack, the RaaS group infiltrated this company that provides software to thousands of small and medium-sized businesses via a cloud supply chain process. The cyber-attack shut their services to all clients immediately and was caused by what appears to be a direct software penetration on the vendor. The group initially asked for $70 million in bitcoin to release all businesses that were connected to the supply chain software provider. (Software)

Supply chain vendors seem to be the new target of cyber-attacks and the reasons why are easily understood. The hackers get the best bang for their buck getting into a supply chain ecosystem. If an organization is involved in supply chain manufacturing or distribution, regardless of vertical industry (as demonstrated above), it is highly recommended they develop and implement a strong cyber hygiene program immediately. The U.S. government has developed a new set of cyber controls that can be seen under the CMMC Compliance Model (Cybersecurity Maturity Model Compliance).

There are many things an organization can do immediately to help improve their cybersecurity efforts.

1. Enable multi-factor authentication for all company-used applications and assets.
   1. Having these features enabled prevents attackers from stealing a password to an account and immediately signing in to it.
2. Perform yearly penetration tests on systems.
   1. A yearly assessment of the strength and protection of IT Infrastructure helps keep the company up-to-date on all security patches for servers and workstations.
3. Enroll employees in monthly cybersecurity training and awareness courses to help keep their knowledge and behavior up-to-date.
   1. The end user is one of the most attractive assets to an attacker as there is always a chance for human error. With constant training and awareness in security-centric ideas and practices, the room for human error decreases.
4. Monitor a company’s email domain on the dark web to stay up-to-date on any compromises that occur on the web.
   1. The Colonial Pipeline attack occurred because a former employee’s credentials were found on the dark web and were still active in the company. This allowed the attackers to bypass all the security systems put in place. Monitoring credentials on the dark web helps prevent such occurrences. Mitigate the use of found credentials by disabling old accounts -- or changing passwords to current ones if they have been found there previously.
5. Formulate a business continuity/disaster recovery (BCDR) plan on all systems to help prevent attacks such as ransomware or from natural disasters.
   1. Having a BCDR plan in place can help reduce the downtime in a disaster. Backing up servers and workstations to devices designed for BCDR can help business continue by creating a virtual machine of the server on the cloud. This allows business to continue as normal while the physically affected server can be fixed from the disaster that occurred.

The world of cybersecurity is changing at an increasingly rapid rate. With supply chain organizations, small and large, becoming the new focus of cyber hacks, having a well-structured cybersecurity program that adheres to standards and is followed is becoming even more important.