In late 2018, major media reports emerged with news that China had inserted a tiny chip into the semiconductor supply chain of 30 US companies, including Apple and Amazon. The brilliance of this attack reveals a critical motivation for hackers targeting manufacturers - by infecting the supply chain of a single manufacturer, the adversary gains access to all the end users of the compromised product or component.
When there’s a tightly integrated supply chain, an attack on one organization can have disastrous effects across stakeholders, partners and customers. For this reason, end customers, supply chain partners and government regulators are calling for heightened focus on cyber security for manufacturers. Most of these requirements point to guidance provided by the National Institute of Standards and Technology (NIST).
It’s unlikely that you’re one of those 30 large manufacturers, so why do you need to know about this story? Manufacturers of all sizes are under attack because cyber criminals have realized that manufacturers have two qualities that make them attractive targets: connectivity and customer trust. In order to compete effectively, manufacturers tend to be deeply connected with their vendors and customers. This mutual need for connectivity gives rise to trusting relationships among vendors, customers and manufacturers.
Hack one, hack them all
Hackers are keenly aware of the trust relationships throughout a manufacturing supply chain and product lifecycle. Your highly integrated relationships make you a highly valuable target for an attacker. These trusting relationships lead to trusted communication (email, Dropbox, DocuSign, etc.). This is useful for productivity, but it also helps an attack spread - meaning that an attack on one manufacturer quickly leads to an attack on its entire customer base. Once a hacker is inside the organization, he can exploit that heightened trust via malicious communications. In little time at all, the attacker has compromised your business and your customers.
Watching movies about hackers will have you believe that compromising a company is possible in mere minutes from any phone terminal. In reality, firewall and software update improvements have all but eliminated hacks beginning from outside a company’s network. Today’s hacks begin with social engineering.
The issue is that humans (all of us, at all stages of life!) are vulnerable to being fooled into making a risky decision. In the digital world, this poor decision can be the simple start to a costly breach. Unknowingly, we can open the door to a skilled con artist, virtually welcoming them in with a red carpet and rendering most security tools useless.
Social engineering is the modern term for the art of the con, using trust to compromise you, your team and your company. These criminals use genuine-looking emails and websites laced with malicious links, tempting your people to click on one of these fraudulent links. They use disguised phone calls and text messages to lure your team into giving up sensitive information.
These attacks can have devastating impacts, costing your business tens of thousands or more in recovery costs, lost productivity and expensive ransom demands, not to mention the loss of customer and stakeholder trust.
As NIST guidance calls out, training your users on safe online behavior is a critical step in securing your company, your partners and your customers.