Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Black Hat Asia
March 26-29, 2019
Singapore
Black Hat USA
August 3-8, 2019
Las Vegas, NV, USA
Black Hat Europe
December 2-5, 2019
London UK
10/25/2018
12:00 PM
John Wilson, Field CTO, Agari
John Wilson, Field CTO, Agari
Event Updates
50%
50%

Stop Doing Business with Cybersecurity Cheapskates

I live in a suburban city in Silicon Valley. Every year, at least one or two homes in my
neighborhood get tented for termite fumigation. I’ve had to do my own home three times in the past 25 years. During that time, I’ve seen pretty much every house on my street tented at least once except for one a few doors down from me. Also, this particular house doesn’t bother to mow their lawn, their driveway is overrun with weeds, and there are enough dead leaves and branches on their roof to make the entire neighborhood a fire hazard.

By now, you’re probably wondering what any of this has to do with cybersecurity. I’ve got
security cameras, smoke detectors, CO detectors, motion-activated lights, and a solid fence
around my yard. Yet, no matter what I do to protect my own property, my neighbor will continue to be the weakest link in the security of my home. Until my neighbor kills off the termites that make their way from his walls to every house on my block, I’m going to need to keep tenting my house every 8-10 years. My smoke detectors may save my life, but they aren’t going to save my home if an inferno starts from the dead leaves on my neighbor’s roof.

Your supply chain is a bit like my neighborhood. Some of your suppliers take extreme pride in
protecting their data and systems, while some of your suppliers are like my sloppy neighbor.
Just as my neighbor’s carelessness causes undue risk to my property, some of your suppliers
place your business at risk.

Business Email Compromise schemes involving a compromised email account at a business
partner have increased 2,300% since 2015. An ATO-based BEC attack begins when one of
your suppliers has one of their corporate email accounts compromised, usually via phishing.
The attacker monitors your supplier’s email communications for outgoing invoices. At this point, the attacker will either modify the invoice, changing the payment account details, or will send a follow-up email explaining that the first invoice should be ignored as it contained the wrong payment details. Eventually your angry supplier will be demanding payment, and the finger-pointing begins. Even if your supplier accepts responsibility, you’ll spend many frustrating hours trying to resolve the issue. Worse, your email hygiene solution is unlikely to stop an email containing a crypted sandbox-aware weaponized document if that document is sent from a trusted business contact’s compromised email account. Soon the invoices you send to your customers may be tampered with, and your incoming payments will get diverted to criminals.

I could complain to the city about my neighbor, in fact, my wife has on multiple occasions.
Unfortunately, there are things you can’t control in life, and my neighbor’s behavior is one of
those things. When it comes to your supply chain, here’s where the analogy breaks down in a
good way: You can (and should!) demand your suppliers implement an appropriate level of
cybersecurity controls. You are, after all, the customer. Demand that your suppliers use
multi-factor authentication on all of their email accounts. Demand that your suppliers use a
state-of-the-art email security solution. Demand that your suppliers conduct phishing-wareness training and demand that your suppliers utilize a proven endpoint security solution. And if you see my neighbor, please tell him to clean up his act.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Microsoft Patches Wormable RCE Vulns in Remote Desktop Services
Kelly Sheridan, Staff Editor, Dark Reading,  8/13/2019
The Mainframe Is Seeing a Resurgence. Is Security Keeping Pace?
Ray Overby, Co-Founder & President at Key Resources, Inc.,  8/15/2019
GitHub Named in Capital One Breach Lawsuit
Dark Reading Staff 8/14/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-18056
PUBLISHED: 2019-08-20
An issue was discovered in the Texas Instruments (TI) TM4C microcontroller series, such as the TM4C123. The eXecute-Only-Memory (XOM) implementation prevents code read-outs on protected memory by generating bus faults. However, single-stepping and using breakpoints is allowed in XOM-protected flash ...
CVE-2017-18566
PUBLISHED: 2019-08-20
The user-role plugin before 1.5.6 for WordPress has multiple XSS issues.
CVE-2018-20978
PUBLISHED: 2019-08-20
The wp-all-import plugin before 3.4.7 for WordPress has XSS.
CVE-2017-18526
PUBLISHED: 2019-08-20
The moreads-se plugin before 1.4.7 for WordPress has XSS.
CVE-2017-18527
PUBLISHED: 2019-08-20
The pagination plugin before 1.0.7 for WordPress has multiple XSS issues.