FBI: Subcontractors Present Threat To Cybersecurity


Printer-friendly version Email this CRN article

Could having a strong cybersecurity program in place actually compromise work a company does with a subcontractor?

According to FBI Special Agent James Corbett, cybercriminals are increasingly turning toward subcontractors and supply chains as targets of attacks -- with the ultimate aim of attacking the companies with which those subcontractors collaborate.

Corbett identified cybercrime targets as "anybody with access to information," but said subcontractors in particular present a risk right now.

"Supply chains [hacking] is a big thing that we’re seeing these days. A lot of times, companies have robust security elements, so what [criminals] will do is look to who you subcontract to -- even your attorneys,” he said.

These types of breaches can start when a company gives a subcontractor access to something inconspicuous, like a printer.

"You could take a copier, or something that’s completely unclassified. What they’ll do is they’ll compromise a specific piece of equipment and place it into your end product, in order to create a 'backdoor' attack," Corbett said,

Corbett works through the FBI to help train companies and corporations on how to prevent physical and remote cyberattacks and data breaches.

Printer-friendly version Email this CRN article