On June 27, 2017, confused Maersk employees were showing up at the IT helpdesk with their laptops in hand. The numbers were increasing by the minute. Their laptops were encrypted and very much useless at this point. What happened?
Maersk was hit with the most popular ransomware attack in the history of the internet. 56,000 devices were encrypted in just a few minutes. 100% of the devices connected to the Maersk network were encrypted. Maersk ships 25% of the world's food supply and the whole operation came to a grinding halt due to this ransomware attack. What happened?
There are a number of lessons to learn from this story and the biggest one is about securing your supply chain. The attack on Maersk originated from the supplier that provided the company's accounting package. The supplier’s servers were compromised, the malware was injected into the software update and every company that was using the package was hit. The attack cost Maersk a total of $350,000,000 and cost all the businesses impacted by this particular ransomware attack $10 billion overall.
A recent survey shows that 6 out of every 10 businesses that had a cyber attack will never recover and eventually collapse. In previous posts we have addressed the steps you can take to protect your business, which you can read here.
But even businesses that take Cyber Security seriously often ignore the threats that come from the supply chain.
What can you do?
Understand the risks
What’s the risk? What information and data do you share with your supplier? Categorise your supply chain to make it easy and understand your supplier’s attitude to security. For example, if it’s a cleaning company they may not pose the highest risk whereas a cloud system provider will, so categorise all your suppliers by low, medium or high risk.
Establish a baseline
Once you have identified the risks and categorised your suppliers, it’s time to set the minimum security standard for each category. Communicate the standards to your suppliers and raise awareness of them. Build the baseline security measures into your supplier contracts. While you are at it, you will want to make sure you are adhering to those standards yourself, both as a customer and as a supplier. It’s a good idea to build your vendor risk assessments.
These controls are not just for big businesses. Even the smallest businesses/suppliers can be a risk to your security. A good starting point for small businesses and even sole traders can be asking for an industry-supported Cyber certification.
At the very least, ask for a copy of their Cyber Security policy.
The number of businesses losing money to supply chain fraud is humongous. You definitely don’t want to be losing your hard-earned money because your supplier wasn’t taking security seriously.
It is one thing to get your suppliers to comply with your baseline requirements and another thing to follow up regularly. Cyber Security is a constantly evolving beast and one would need to keep up with the changes, the latest threats and trends. Build a good relationship with your suppliers to give each other a heads up if there is a cybersecurity issue that crops up that both parties should know about.
I hope that helps you to get started. If you want to get started with getting your Cyber Security sorted here is a free 10 step guide to help.