Strengthening Supply Chain Security: Insights and Best Practices

In our interconnected digital landscape, supply chain cyber-attacks are a significant and growing threat, targeting links between various entities and exploiting vulnerabilities to infiltrate and disrupt systems. By compromising suppliers, attackers can access multiple organisations, bypassing direct security measures that individual organisations may deploy.

NHS Cyber-Attack

Main hospitals in London declared a critical incident on Tuesday 4th June following a cyber-attack which had a ‘major impact’. The attack, believed to be by a Russian group of cyber criminals named Qilin, led to the cancellation of operations and the redirection of emergency patients. The ransomware attack targeted hospitals partnered with Synnovis, a provider of pathology services, affecting King’s College Hospital, Evelina London Children’s Hospital, and several other primary care services. The disruption, caused by the inability to connect to a main server, had a substantial impact on essential services such as blood transfusions and test results. The supply chain cyber-attack also affected GP services across several London boroughs. While some procedures were cancelled or redirected, the NHS ensured emergency care remained available.

This incident has showcased the vulnerability of organisations to such cyber-attacks, despite substantial investments in IT security. PureCyber emphasise that there is a need for strong cybersecurity defences and contingency plans in public sector organisations, especially within healthcare and other vital sectors. Matt Jones, Chief Defensive Security Officer at PureCyber, says “Historically, larger companies have been the primary targets of major attacks, but the trend of supply chain attacks has now broadened to include not only large enterprise companies but also their suppliers. Unfortunately, some organisations within the supply chain lack the same budgets or cyber maturity as their larger clients. Threat actors are becoming increasingly aware of this discrepancy. 

As an attacker, would you target a company that has sophisticated cybersecurity defences, or one who may not fully realise the level of risk and therefore not have the appropriate levels of security in place? These suppliers often hold sensitive information or can provide access to the supply chain. This can include their own data or data of larger companies and other links in the supply chain. 

The emphasis on supplier due diligence has never been more critical, especially with the recent data leaks we've observed in the sports, events, and banking industries. Understanding what data a supplier holds on your behalf and how they protect it may not entirely prevent an incident, but it will help to significantly limit the likelihood and potential impact on your organisation.” 

Ticketmaster Customer Data Breach… Is this just the beginning?

A cybercriminal group, ShinyHunters, claims to have stolen personal data from 560 million Ticketmaster customers, including full names, addresses, phone numbers, partial credit card details, and order histories. The group, which stores and sells large amounts of customer data on the dark web, announced on an online forum that it had accessed Ticketmaster customer information and plans to sell the data, making this hack one of the largest of the year. CBS News verified leaked email addresses belonging to individuals in the United States, Canada, and New Zealand, including names of current and former Ticketmaster employees. Further articles have been released alluding to a potential compromise of a third party that is hosting the data, which suggests that the vulnerability might extend beyond Ticketmaster itself. This raises significant concerns about the security measures of external partners.

Given the scale and potential impact of this supply chain breach, it's crucial for affected customers to take immediate steps to protect their personal information and monitor their accounts for any suspicious activity. It is equally important for promoters and venues to take the appropriate steps to protect their customers' data and ensure their supply chain is secure.

Financial Services Attack

Banking firm Santander has also acknowledged experiencing a data breach that affected millions of its customers and employees. This incident came to light after the same group of hackers advertised the stolen data.

Although Ticketmaster, owned by Live Nation Entertainment, has not confirmed the attack, the Australian government and FBI are investigating the claims. Ticketmaster users should assume they are at risk and PureCyber recommend:

  • Changing account usernames and passwords immediately

  • Monitoring bank accounts and credit cards for unusual activity

  • Initiating a fraud alert or credit freeze to protect against identity theft

Consumers should be cautious of unsolicited ticket offers and verify any suspicious links through Ticketmaster's support line. Awareness and proactive measures are crucial to mitigate the risks of this potential data breach. By implementing these recommendations, consumers help protect the integrity and security of the entire supply chain. This vigilance helps prevent the spread of malicious activities that can compromise other components of the supply chain, thus reinforcing the overall security framework.

Fourth Wall Breach

Fourth Wall Limited offers a number of services, one of which is a platform for fan engagement. Entrusting Fourth Wall with key aspects of membership program delivery, where it holds PII (personally identifiable information) on behalf of organisations, poses considerable risk to all parties if this data is not correctly protected. Recently, several organisations linked to Fourth Wall have reported unauthorised access to data, such as Supporters Club members' data, including first names, last names, dates of birth, email addresses, physical addresses, and the type of membership, which was accessed by white hat hackers.

These incidents serve as a blatant reminder of the vulnerabilities inherent in supply chain relationships.

Remaining vigilant for any unexpected or unusual e-mails, in particular any requests which contain links or ask for payment information, is essential. This heightened awareness is vital for employees, as cyber threats can exploit even minor lapses in vigilance, potentially compromising the entire supply chain. Ensuring that all stakeholders are cautious and proactive helps safeguard against data breaches and fraud that can disrupt supply chain operations.

Supply Chain Security: Best Practices and Guidance

In light of recent supply chain cyber-attacks affecting organisations like the NHS, Ticketmaster, and the Welsh Rugby Union, implementing secure and complete cybersecurity practices is paramount.

PureCyber provides some key steps to enhance supply chain security:

1.    Due Diligence

Conduct thorough assessments of supply chain partners' cybersecurity posture before onboarding them. Clearly outline security expectations and responsibilities in contractual agreements.

2.    Monitoring and Auditing

Regularly monitor and audit supply chain partners' cybersecurity practices to ensure ongoing compliance and identify potential vulnerabilities.

3.    Employee Training

Invest in employee training and awareness programs to educate staff on identifying and mitigating cyber threats, minimising the risk of human error.

4.    Multi-Layered Security Measures 

Implement multi-layered security measures, including access controls, encryption, and network segmentation, to protect sensitive data and systems from unauthorised access.

5.    Incident Response Planning

Develop proactive incident response plans and conduct exercises to simulate various attack scenarios and test response procedures, enhancing overall cybersecurity resilience.

6.    Adopt a Governance Framework

Aligning your organisation to governance frameworks helps you to fully understand the way your processes work and where your security controls fit in. Governance accreditations such as IASME Cyber Assured and ISO27001 have clauses to give companies frameworks to improve their supply chain due diligence.

By prioritising risk management, collaboration, and continuous improvement, organisations can effectively safeguard their operations and maintain trust in this evolving digital landscape.

For support on supply chain reviews and data mapping please contact info@purecyber.com or see details of our subscription services.
