Welcome to #WeekendWisdom number 41. This week we’re going to talk about Supply Chain Risk.
I hear from a number of small business owners who say “I’m too small. There would be nobody interested in hacking me.”
How does a Supply Chain Risk occur?
Criminals may not be interested in hacking that business. But if they find out that the business has a big customer that they are more interested in, things might change. What they might try to do is compromise the security of that small business so they are able to get in through it to the big customer. So that's where they're trying to get into the supply chain of their actual victim.
Can you give me a for example?
A great example of this type of supply chain risk occurred back in late 2013. Target, the large US retail company, had all of the payment card terminals in their stores compromised. These had malware installed on them. That enabled the criminals to steal up to 40 million payment card details from customers over the Black Friday weekend and subsequent shopping weeks leading up to Christmas.
What did the hackers do?
What had happened was, the criminals sent a phishing email to the Heating, Ventilation, Air Conditioning maintenance company that Target used. They compromised the computers there. They were able to find the network logon ID and password for Target's work order processing and invoicing system. The criminals were then able to use those logon details to gain access to Target systems and spread the malware.
So that’s what can happen to small businesses who have big customers.
Moral of the story: Small businesses do need to have good security in place too.
So that’s it for this week. Let’s be careful out there and we’ll talk to you again next week.
How can L2 Cyber Security help you?
We offer a full range of training programmes, which can be delivered online or in-person*. We can also talk to you about best practice for security in your #SmallBusiness in order to prevent you becoming a Supply Chain Risk.
L2 Cyber Security are also a partner of CyberRiskAware for online self-directed Cyber Security Awareness training and Phishing testing.
Contact us for more information at info@L2CyberSecurity.com.
*With appropriate social distancing and other health and safety measures adhered to.