The theft of trade secrets, proprietary data, intellectual property or customer information is on the rise. Sophisticated attack groups with the motivation and capability to use techniques well beyond mainstream malware are increasingly targeting businesses through their supply chain.
Cyber criminals constantly find new ways to steal an organisation’s valuable information. The company’s supply chain is often the weakest link and the easiest place to find that information because many of those organisations are not actively looking for evidence of compromise.
David Owen, Strategy Director, BAE Systems Detica Australia, said:
“BAE Systems Detica has seen a marked increase in attacks on supply chain targets such as professional services companies, legal firms, IT outsourcers, marketing agencies or other third party advisors and companies. The main targets have increased their defences so attackers are looking for another route in. Hackers can easily get into an organisation through the third parties a company works with.”
The factors that have led to the increase in targeted attacks of supply chains include:
- growing resources and sophistication of attack groups
- increase of blended attacks
- low risk of getting caught for attackers
- increasing difficulty to detect threats and attacks
- challenge of identifying the specific behaviour patterns of sophisticated attacks
- lack of resources in the Australian industry to perform sophisticated analysis, follow-up investigation and response/clean-up.
BAE Systems Detica suggests the following best practices to protect your supply chain.
- Prepare: It is important to understand your so-called trophy information (information that is highly desirable to hackers and corporate thieves), cyber risk, compliance environment and internal cyber capability. These are the first things to assess in any cyber security plan. Based on this knowledge, you can develop strategies and tactics that will help address cyber risks based on priorities. It will also pinpoint whether you need to develop your workforce to become more cyber aware and what additional skillsets might be required. Publish your business rules for cyber security and create awareness of these among your employees and those of your supply chain.
- Monitor: Businesses should continually monitor systems and networks for signs of malicious activity, but also keep track of changing business requirements, emerging trends and the external environment they operate in. Make sure you measure the effectiveness of cyber security (technical and non-technical capabilities) as this will help you stay on track.
- Protect: It’s imperative to design and deploy cyber security solutions that will address risks and enable the business to operate with confidentiality and integrity. However, these solutions need to be carefully developed so they don’t cripple your systems by being too secure. Apply sound engineering processes to the selection, development and deployment of cyber capabilities so that they integrate well with your business operations.
- Respond: Having response plans in place sounds like a given, but this is often overlooked by businesses. Understand your capability to contain and recover from cyber incidents and make sure you learn from previous ones and that the appropriate feedback is given in order to prepare processes.
- The human factor: Companies place a lot of importance on technology when it comes to cyber security, but it is important not to overlook the human factor. Do employees understand the sensitivity of the data they have access to and the implications if there is a security breach? Getting employees to care about security and understand that they have an important role to play in keeping the organisation’s cyber security risk to a minimum is key.
David Owen said, “Without the human element, the technological controls are useless. Creating a culture of security is imperative. Companies must always consider the suppliers’ security measures to ensure they align with theirs”.
- Ends -
Tel: 02 9252 2266
About BAE Systems Detica
BAE Systems Detica delivers information intelligence solutions to government and commercial customers and develops solutions to strengthen national security and resilience.
Detica is part of BAE Systems, a global defence, aerospace and security company with approximately 90,000 employees worldwide.
BAE Systems delivers a wide range of products and services for air, land and naval forces, as well as advanced electronics, security, information technology solutions and customer support services. For more information, please visit www.baesystems.com
BAE SYSTEMS and DETICA are registered trademarks of BAE Systems plc.