In part 9 of our Source-to-Pay+ series, we talked about the need for cyber risk monitoring and prevention because, in today’s hyper-connected SaaS world, nearly half of an organization’s data breaches originate in the cloud. These risks don’t just come from cyber criminals. Some come from less-than-scrupulous employees and others come from suppliers, even well meaning ones. After all, who cares if the front door is locked when the back door is wide open.
Why do you care about your supplier’s back door? What do cyber-criminals want?
- valuable intellectual property
- exploitable personal data
Where can they get this?
- account hacking, which is hard, or payment redirection, which is a lot easier
- your ultra-secure server which is locked down tighter than Fort Knox with everything on it encrypted in 256-bit AES encryption, or the relatively unprotected Google Drive your supplier stores it on (as the file will be open to anyone who can compromise the account)
- your double encrypted HR database stored in a secure AWS instance or the plain-text Microsoft word documents stored on the supplier’s sales rep laptop with its unencrypted hard drive and an utter lack of virus protection and internet security software
In other words, if your supplier has:
- a lot of your money coming its way
- your intellectual property
- your executives’ personal data
and their cybersecurity is not as good as yours, you can be sure the cybercriminals are going to be going to, and through, them to get to you.
So you need to know which of your suppliers are at risk, so you can reach out to them and work with them to close the holes and eliminate the risks to them, and you. And for suppliers that you do significant business with (and regularly send million dollar payments), who hold your patented IP (for custom manufactured electronics, etc.), or store your employees and/or customers HR data, you need to not only assess their vulnerabilities but continuously monitor for threats.
You need a supplier vulnerability assessment and monitoring solution that can identify vulnerabilities, help you communicate those to your supplier, detect improvements, and, most importantly, identify new threats as they emerge that could cost you, or your supplier, significantly.
Darkbeam is one of these solutions. The Darkbeam solution offers both of these capabilities, continuous vulnerability monitoring across your entire supply base (at a very affordable price point that starts at a mere £25,000 a year, which is low-end for any cybersecurity solution) and continuous threat monitoring, and assessment, of critical suppliers in your supply base (which you can add for an incremental cost that can be as low as £10,000 a year for your ten most critical suppliers).
The vulnerability assessment solution monitors:
- Connections: SSL certificates and associated validations (hosts, IP, TLS, etc.)
- Privacy: e-mail and cloud servers and configurations and breaches (esp. email addresses)
- HTTPS: web site configuration, cookies, and port security
- DNS: DNS record completeness, security, and recent changes
- Blacklist: domain and email blacklist monitoring
- Exposure: shared host identification, domain permutation monitoring, favicon, exposed subdomain monitoring, etc.
Cyber-weakness in each of these areas is highly relevant because it could allow hackers and cyber-criminals to exploit your supplier, and you, in ways that include, but are not limited to, the following:
- an expired SSL certificate could allow a cybercriminal to register a fake certificate that validates a fraudulent facsimile of the actual site
- exposed email accounts could allow a cybercriminal to masquerade as a supplier representative and change banking details for payment
- an insecure site configuration could provide a backdoor into your entire network
- incomplete DNS records could be completed by a cybercriminal and redirect traffic to a fraudulent site
- if a domain shows up on a blacklist it could prevent email/traffic to/from the domain; and if emails show up on a blacklist, it could indicate compromised emails and/or emails not being received by their intended recipients
- if a supplier’s website is on a shared host that is used by a lot of other sites (that are insecure), a number of (one-character-off) permutations of the supplier’s domain have been registered, favicons are being replicated, etc. then that is a strong sign the supplier is being targeted by cyber criminals (that could be coming for you, or your customers, through them)
Based on their assessment, they will compute a cyber-risk score (out of 999), the lower the better, and the higher the more concerned you should be (and the sooner you should reach out to your [potential] supplier to have a conversation about what they are doing to increase their cybersecurity, especially if they have, or will have, your IP or personnel data).
The threat monitoring and assessment solution is a service-based solution where the Darkbeam cyber-intelligence team continuously monitors the web and dark web for potential threats, investigates those threats when they are detected, and if the threats are relevant, they send you a report on which you can take immediate action which can include, but not be limited to, involving the proper authorities, that they have experience working with in multiple countries.
They literally monitor dozens of legit security and threat-intelligence sites (where general cyber security firms release warnings of cloud or software insecurity along with known breaches) as well as dozens of dark-web sites where shady characters like to sell, or at least indicate the presence of, IT, Trade and Finance secrets they should not have. On many occasions, they have detected breaches and data theft even before the supplier’s IT team knew about it (and definitely well before you did, if you were ever told).
If an incident or threat is detected, the threat report you receive will outline the issue (e.g. data exposure / breach), the root cause (e.g. system breach, ransomware, etc.), when it was detected, how it was confirmed, and what is currently being done / monitored. It will then outline the perceived severity (e.g. medium due to potential IP leakage, high due to personal data likely being stolen) as well as any potential follow on risks (i.e. personal logins that can compromise other systems). It will summarize the currently known information uncovered by the analysts and the current status (which could be ongoing). And it will provide current recommendations, such as reaching out to the supplier, changing logins and/or locking down your systems, reaching out to various agencies, etc.
All in all, Darkbeam is a great Supply Chain Cybersecurity solution and should be on your consideration list if you don’t have such a solution already. Cyber attacks are coming, and it’s best to be ahead of the issue, then behind it.