This sounds familiar

Back in #WeekendWisdom number 41, I talked about supply chain risks. Since then there have been a couple of massive global supply chain hacks that have occurred.

What are these supply chain hacks you speak of?

The first one was late last year. The SolarWinds hack was revealed. SolarWinds makes network monitoring software that are used by large corporates and government agencies.

But for my audience, which will be the more smaller business owner, something happened last week. A company called Kaseya, they provide software for IT managed service providers who obviously look after the IT for their customers which are usually small businesses. This software enables those managed service providers to be able to remotely manage and control their client’s devices.

What happened with the Kaseya hack?

Well Kaseya were hacked and had their client’s devices were ransomed by the REvil ransomware gang. Now REvil claim that they have infected a million devices around the globe and they’re looking for $70 million to free up these devices. The whole story is still playing out, so we don’t know the full details of it yet.

What can you do about this type of risk?

But how would you, as a small business owner, be able to try and protect yourself from such a supply chain hack?

Well you really do need to make sure that any third party that is going to put some kind of service or device or software into your network, into your environment, to carry out a full, thorough due diligence on that supplier and their application.

If you don’t have the capability in-house, there’s plenty of people out there in the market and in the business that will be able to provide you with an independent assessment.

So that’s it for this week. Lets be careful out there and we’ll talk to you again next week.

The post #WeekendWisdom 086 Supply Chain Hacks appeared first on L2 Cyber Security Solutions Ltd..

I hear from a number of small business owners who say “I’m too small. There would be nobody interested in hacking me.”

How does a Supply Chain Risk occur?

Criminals may not be interested in hacking that business. But if they find out that that business has a big customer that they are more interested in, things might change. What they might try and do is compromise the security of that small business so they be able to get in through them, to the big customer. So that’s where they’re trying to get into the supply chain for their actual victim.

Can you give me a for example?

A great example of this type of supply chain risk occurred back in late 2013. Target, the large US retail company had all of their payment card terminals in their stores compromised. These had malware installed on them. That enabled them to steal up to 40 million payment card details from customers over the Black Friday weekend and subsequent shopping weeks leading up to Christmas.

What did the hackers do?

What had happened was, the criminals sent a phishing email to the Heating, Ventilation, Air Conditioning maintenance company that Target used. They compromised their computers there. They were able to find the network logon ID and password for the work order processing and invoicing system for Target. The criminals were then able to use those logon details to be able to gain access to Target systems and spread the malware.

So that’s what can happen to small businesses who have big customers.

Moral of the story: Small businesses do need to have good security in place too.

So that’s it for this week. Let’s be careful out there and we’ll talk to you again next week.

How can L2 Cyber Security help you?

We offer a full range of training programmes, which can be delivered online or in-person*. We can also talk to you about best practice for security in your #SmallBusiness in order to prevent you becoming a Supply Chain Risk.

L2 Cyber Security are also a partner of CyberRiskAware for online self-directed Cyber Security Awareness training and Phishing testing.

Contact us for more information at info@L2CyberSecurity.com.

*With appropriate social distancing and other health and safety measures adhered to.

Follow us on Social media:

Liam is available on Twitter, LinkedIn and Instagram.

Follow L2 Cyber on Twitter, LinkedIn, Instagram and Facebook.

© L2 Cyber Security Solutions

The post #WeekendWisdom 041 Supply Chain Risk appeared first on L2 Cyber Security Solutions Ltd..