Broader Adoption Of Security Best Practices
Adversaries typically pursue the path of least resistance and would therefore much rather compromise someone in the supply chain and gain access to thousands of their customers rather than having to compromise each organization separately one by one, according to Secureworks Chief Product Officer Steve Fulton. Supply chain attacks provide the adversary with a target-rich environment, which spurs more activity.
Supply chain attacks have demonstrated that low-profile businesses can also attract the attention of hackers if they possess extensive customer access and data, Fulton said. But since these suppliers have historically been out of the spotlight, Fulton said they sometimes haven’t adopted basic security best practices like two-factor authentication and storing passwords in a vault.
Critical infrastructure organizations have in particular been outpaced and outmaneuvered by adversaries since they’re not living and breathing security around the clock and didn’t realize how big and expansive their risk was, Fulton said. These companies need more focus, visibility and accountability when it comes to security, according to Fulton.