Digital supply chains are growing exponentially as organisations increasingly rely on data to power their business. They expect data to flow freely, without borders or delays – but as expectations for data-on-demand grow, risks grow along with it.
Supply chains are often large and complex. With outsourcing an increasingly popular method of driving profits, there is little stopping your digital supply chain from having a long and frequently invisible tail that introduces unknown and unquantifiable risks. Once an organisation has agreed to engage with a supply chain partner, there is implicit trust that good practice will be followed⎯but in reality both your guards are lowered for mutual gain. That implied trust does not equal actual trustworthiness.
In Glasswall’s line of work, about half of the evasive threats we see are phishing emails, and the vast majority come from spoofed email domains. So it’s important to pause and ask yourself, does that email you think is from a partner actually come from a familiar person? Does the subject relate to a current task? Is that attachment genuinely an invoice or other expected business document?
How do you know for certain that the digital supply chain partner doesn’t have malicious actors crawling across their own network, or further out of sight down the tail? What happens if the partner has a DDoS attack and you lose a critical component of your business?
Real trust and integrity amongst the supply chain are dependent on several things. It’s vital that cyber security standards such as the Domain Message Authentication Reporting & Conformance (DMARC) authentication protocol are implemented, and that any such standard cascades outwards and is adopted to the point at which the tail ends. Make sure that you have visibility into your partner’s security protocols so you can influence those protocols as much as possible.
But beyond these customary practices, true security requires investing in leading-edge technologies that put the most effective protective barriers between you and your partners while not getting in the way of business continuity. There are some amazing technologies on the market that can stop all sorts of malicious threats, but they can come at a significant cost to your operational efficiency. Risky files will be stopped, but so will a lot of other trusted email, which then impacts the normal course of business, slows productivity, and drives employee sidestepping through the use of “shadow IT.”
For example, you can invest in a technology that attempts to identify and block what it determines to be malicious files. But in a world where the most sophisticated, elusive threats regularly evade detection-based technologies, that may not help you. Conversely, technologies that adopt a “when in doubt keep it out” approach negatively impact business in other ways. Files and documents may have certain characteristics that make them appear suspicious, but they may actually be perfectly benign; and yet they’re blocked at the gateways with recipients often unaware that a file was ever sent to them. Such false positives are a poison pill for productivity.
These disruptions are simply unacceptable given the required pace of business today, so it has become essential to invest in leading-edge technology like Content Disarm and Reconstruction (CDR). Rather than attempting to identify and block suspicious attachments, CDR regenerates clean secure files and passes them on. That which was malicious is made benign, with no blocking or quarantining required. You won’t have to make a call on what’s safe and what isn’t, and neither will any software. Business goes on as usual, with no disruption for you or the partner.
In a real-life situation, one of our customers had regularly traded thousands of spreadsheets with a supply chain partner on a weekly basis. Some of those files were contained in an out-of-date version of the software. This practice had gone on for years, and bad actors penetrating their security stack were able to silently observe the cadence then target the partner’s spreadsheet files to pass on a malware. No one was suspicious because the file-sharing was routine. Over 6 months, more than 170 malicious files were missed by the company’s old security technologies and got through the defenses. But after installing our file regeneration technology, the number of malicious spreadsheets the customer was facing dropped to zero. And that happened without imposing any additional and burdensome rules or practices imposed on the partner.
Taking this a step further, extended value chains including fourth or even fifth parties mean many documents go on a long journey. A company may receive an infected invoice from a third party but use a fourth party to pay the bill, sending the infected file along. Or consider an infected shipping manifest, which the shipper receives from the cargo-loading company, then sends to a distributor who passes it back to the original manufacturer. Along these journeys, the malwares infect all systems they touch. But for those with file regeneration technologies in place, the chain is immediately broken.
In these complex, long tail value chains, it’s also the case that no one wants to be patient zero. Ensuring the integrity of your outbound files and attachments is as important as defending yourself from those that come in. Given the abundance of cyber threats, prudent organisations should be taking a hard look at technologies that enforce a standard of compliance to both outbound and inbound files. Diligent policy-setting will always be important, but combining it with the right technology and a deliberate and constant focus on outcomes will provide far greater assurance that all organisations across the business ecosystem stay safe.
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.