Welcome to #WeekendWisdom number 86. This week we're going to talk about Supply Chain Hacks.
This sounds familiar
Back in #WeekendWisdom number 41, I talked about supply chain risks. Since then there have been a couple of massive global supply chain hacks that have occurred.
What are these supply chain hacks you speak of?
The first one was late last year, when the SolarWinds hack was revealed. SolarWinds makes network monitoring software that is used by large corporates and government agencies.
But for my audience, which is mostly smaller business owners, something happened last week. A company called Kaseya provides software for IT managed service providers, who look after the IT for their customers, which are usually small businesses. This software enables those managed service providers to remotely manage and control their clients' devices.
What happened with the Kaseya hack?
Well, Kaseya were hacked and had their clients' devices ransomed by the REvil ransomware gang. Now REvil claim that they have infected a million devices around the globe and they're looking for $70 million to free up these devices. The whole story is still playing out, so we don't know the full details of it yet.
What can you do about this type of risk?
But how would you, as a small business owner, be able to try and protect yourself from such a supply chain hack?
Well, you really do need to carry out full, thorough due diligence on any third party that is going to put some kind of service, device or software into your network, into your environment. That due diligence should cover both the supplier and their application.
If you don't have the capability in-house, there are plenty of people out there in the market and in the business who will be able to provide you with an independent assessment.
So that's it for this week. Let's be careful out there and we'll talk to you again next week.
How can L2 Cyber Security help you?
We offer a full range of training programmes, which can be delivered online or in-person*.
L2 Cyber Security are also a partner of CyberRiskAware for online self-directed Cyber Security Awareness training and Phishing testing.
Contact us for more information at info@L2CyberSecurity.com.
*With appropriate social distancing and other health and safety measures adhered to.