• 05/08/2022
  • Industry News
  • Cloud and Mobile Security

Do you trust the security of your suppliers as much as your own?

Supply Chain Attacks, eine der Top 10 E-Mail-Sicherheitsbedrohungen, haben in den letzten Jahren dramatisch zugenommen.

Written by Ivelina Vodenicharova

Railway track with a hint of a fast passing train by coloured stripes.
Sichern Sie Ihr Lieferantennetzwerk.

The Challenge

A customer shared with us more than 2 years ago: “We implement numerous technologies and processes to ensure our data and assets are secured. But lately, it turns out that our level of protection is just as good as that of our partners and suppliers. And when the company decides we should put them in the trusted/whitelisted category, we are completely blindsided and exposed”. Supply Chain Attacks (SKA) should be taken seriously as they result in severe damage to the entire supply chain network. In this type of attack, cybercriminals penetrate an organization’s system through trusted suppliers, partners or vendors that have been whitelisted by the organization to facilitate data sharing and communication. 

Cable car over a lake.
The mechanisms of Supply Chain Attacks.

Scenarios of SCA

  • Email-based Supply Chain Attacks – Companies often whitelist their trusted partners. Because if one of the partners is breached, hackers can easily penetrate the company through this loosened control.
  • Compromising software/updates – Criminals hack a vendor and insert malware into their software or compromise network protocols.
  • Stealing code-sign certificates – By stealing certificates that guarantee a product’s legitimacy and security, criminals can spread malicious code under the identity of the vendor.
  • Infected hardware – Malware is already pre-installed on hardware, devices or firmware components.
  • Foreign-sourced threats – Almost half of the Supply Chain Attacks come from state-sponsored groups from abroad.
Man looking at an incoming train in the rain.
The risks of Supply Chain Attacks.

Why are Supply Chain Attacks so dangerous?

  • Multiple targets with one attack – SCA can infiltrate an entire eco-system and spread beyond.
  • Difficult to detect – Due to the complexity of supply chains and access agreements, SCA can go undetected
  • Supply Chain Attacks are sophisticated – Most organizations do not have the expertise or resources to effectively prevent SCA
  • Supply Chain Attacks deliver various types of malware – SCAs most often involve phishing tactics, viruses, or other malicious software
  • Damage to image and business relationships –More and more organizations are evaluating their partners based on their security maturity.

The Solution

There are already several approaches for companies to minimize the risk of breaches through their suppliers. GDPR encourages organizations to ensure that not only they comply with data privacy, but also their suppliers. At the same time, more and more companies are exploring how they can apply technological security measures to the so-called trusted/whitelisted partners without too much disruption to business processes and flows. GBS has developed advanced technology that provides the right features and flexibility to make this possible for your email communications. Using this holistic security solution, which takes into account the individual requirements of companies, the devastating effects of supply chain attacks can be prevented. 
Sykline of a big city at sunset.
iQ.Suite covers all relevant aspects of a holistic email management solution

iQ.Suite can be integrated seamlessly into your company's IT environment and provides effective protection through various mechanisms such as:

  • Attachment Conversion
  • Protection against ransomware and encryption Trojans
  • Removal of malicious macros
  • Conversion of email attachments to PDF or PDF/A Malware Protection
  • Scanning and blocking of malware, viruses, phishing, ransomeware, spoofing, email attacks and harmful content
  • Examine suspicious URLs and detect phishing mails
  • Identification and blocking of of unwanted files in PDF attachments Spam & Content Recognition
  • Spam detection and filtering
  • Categorization of mails & Content Recognition
  • Prevention of sending confidential information to unauthorized employees
  • User-specific whitelist and blacklist
  • Automatic, rule-based entry of communication partners in whitelists Server-based Encryption
  • Centralized management of email security
  • Central, multi-client-enabled key and certificate management

Author

Ivelina Vodenicharova

Product Marketing Expert

DIGITALL Nature Germany GmbH