August 12, 2022

What Is a Supply Chain Attack and How Can I Protect Against It?

By Rotem Shemesh

With a 650% surge in supply chain attacks in a single year, this type of attack is a growing concern for MSPs and IT providers. In fact, 97% of firms have been impacted by a cybersecurity breach in their supply chain. Also referred to as a value-chain attack or a third-party attack, a supply chain attack targets a trusted third-party supplier who offers services or software vital to the supply chain. Supply chain attacks are unique in that they take advantage of an organization’s trust in its suppliers to penetrate its environment. The attacker’s goal is to gain access to victims’ environments, steal sensitive data, or gain remote control over systems.

The impact of supply chain attacks varies. The result may be a widespread ransomware attack, spear phishing campaigns, malware insertion (which can often take a while to detect), intellectual property (IP) or credential theft, or network intrusion.

The evolution of supply chain attacks

Previously, supply chain attacks were foreign source threats. They were concentrated around spyware on hardware components. Cybercriminals have evolved and identified a greater potential ROI by attacking an upstream component that would affect multiple victims instead of targeting one victim at a time.

This makes software and IT providers an attractive target. Gaining access to them lets attackers propagate malware to many other targets through these connections.

Today, supply chain attacks target the trusted relationships between commercial software products, commercial hardware products, software components, third-party APIs and open-source software components, allowing for more scalable attacks.

Why should MSPs care?

As an MSP, you are held accountable for your customers’ IT security. Your clients trust you to provide them with secure IT solutions and should ensure you are aware of the risks of supply chain attacks. By initiating a discussion about supply chain attacks and third-party risk, you can strengthen your relationship with your customers, build trust, and educate them on the questions they should be asking their vendors.

What can MSPs do to avoid a supply chain attack?

To protect your customers from supply chain attacks, you should first keep your own house in order. Additionally, you should, at minimum, conduct a basic third-party security assessment of your software vendors.

To make it easier, we have listed some simple actions you can take to lower the chances of your customers suffering a supply chain attack:

Tactical decisions and actions you can take on a daily basis:

  1. Audit unapproved shadow IT

  2. Keep an updated software asset inventory

  3. Assess vendors’ security posture, identify dependencies

  4. Validate supplier risk

  5. Develop an incident response process

Strategic actions around software and supply chain security:

  1. Use endpoint detection and response (EDR)

  2. Deploy strong code integrity policies

  3. Maintain a highly secure build and update infrastructure/architecture

  4. Build secure software updates as part of the software development life cycle

  5. Update and understand existing dependencies

Considering that SMBs have limited resources that they can direct to third-party risk assessment, the more you as an MSP can do to ensure that you and your vendors are investing in security, the better.

Here is a list of actions you can take to reduce the risk of a supply chain attack.
