As the number of cybersecurity breaches continues to escalate, here are some basic steps companies can take to avoid phishing, credential stuffing or other attacks.
Security and risk management have both become major concerns for most organizations. With the number of security breaches rising—and with attacks on organizations like Colonial Pipeline, Kaseya and SolarWinds among some of the biggest breaches making headlines—the threat is both real and relevant for companies and their trading partners, employees and end customers.
According to Gartner, the uptick in cybercrime is also putting security at the forefront of business decisions and driving governments to introduce new consumer-protection laws. In fact, the research firm predicts that by 2025, 40% of boards of directors will have a dedicated cybersecurity committee while 70% of CEOs will mandate a “culture of organizational resilience to survive coincident threats from cybercrime, severe weather events, civil unrest and political instabilities.”
Supply Chain Cybersecurity
Because it touches all aspects of our lives and livelihoods, supply chain cybersecurity is of particular concern for companies right now. Having endured the early stages of the global pandemic and now working through one of the most challenging supply chain environments of modern times, organizations simply can’t afford to take their eye off the cybersecurity ball.
In 2020, the number of data breaches in the US reached 1,001 cases. Meanwhile, over the course of the same year, more than 155.8 million individuals were affected by data exposures (i.e., accidental revelation of sensitive information due to less-than-adequate information security).
“As the world transitioned to virtual everything -- work, school, meetings and family gatherings -- attackers took notice,” TechTarget points out. “Attackers embraced new techniques and a hurried switch to remote access that increased cyberthreats across the board.” The list of 2020’s top cyberattacks includes ransomware, phishing, data leaks, breaches and a devastating supply chain attack. The virtually dominated year raised new concerns around security postures and practices, and that continued in 2021, the publication adds.
Blocking and Tackling
Protecting your own systems and those of your business partners from the “bad actors” comes down to blocking and tackling at the human level, according to Ken Sherman, President at IntelliTrans. Where in the past hackers may have directly targeted the technology systems that the large banks, brokerages and credit card companies run on, many of them are now drilling down to individual targets within those and other organizations.
For example, Verizon says that almost one-third of all data breaches were related to phishing in 2019, when more than two-thirds of U.S. organizations reported being impacted by a successful phishing attack (globally, 55% of organizations reported this problem). An online analogy to the sport of fishing, “phishing” involves sending out email “lures” to gather data and passwords from web users. COVID has brought more phishers out of the woodwork. During a single week in April 2020, for example, Google reportedly saw more than 18 million daily malware and phishing emails related to COVID-19 sent via Gmail alone.
“Most hacks these days aren’t attacking the technical security protocols directly - it’s often end user behaviors that enable the breaches,” says Sherman. “Whether it’s a phishing campaign for private information or credential stuffing, the threats continue to multiply.” Credential stuffing is the automated injection of stolen username and password pairs (“credentials”), obtained through successful hacks of other systems, into website login forms. It helps bad actors fraudulently gain access to user accounts.
Because individuals may reuse the same password and username/email across different online platforms, having those credentials exposed by a database breach or phishing attack on one organization effectively allows an attacker to compromise additional accounts at other organizations. “With the plethora of systems that everyone is logging into, using multiple different 15-character passwords becomes inconvenient,” says Sherman, who points to multifactor authentication as one way to keep cybercriminals from using those username/password combos to hack into other accounts.
Purging Outdated Data
Companies should also regularly purge the outdated information in their platforms, including that of employees who have since left the organization but whose user names and passwords still work. Where a current employee may receive notifications to change those credentials on a regular basis, a former associate won’t get those notices.
“Make sure former employees are removed from all of your systems and that current associates are using complex passwords and multifactor authentication,” Sherman advises. Encourage everyone to use unique passwords that they haven’t used on other platforms, knowing that if a crook utilizes credential stuffing or phishing to gain access to one successful combination, he or she will likely test it out on other platforms.
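One way to check for the gaps described above, as an added example that is not from the article or from IntelliTrans: a short audit that compares an HR roster with one system's account export and flags enabled accounts of former employees, enabled accounts with no HR record, and current employees without multifactor authentication. The field names and the sample records are constructed assumptions.

```python
# Constructed sample data (not from the article): an HR roster and an
# account export from one system. Field names are assumptions.
HR_ROSTER = [
    {"email": "a.lee@example.com", "status": "active"},
    {"email": "b.cho@example.com", "status": "terminated"},
    {"email": "c.diaz@example.com", "status": "active"},
]
ACCOUNTS = [
    {"login": "A.Lee@Example.com", "enabled": True, "mfa": True},
    {"login": "b.cho@example.com ", "enabled": True, "mfa": False},
    {"login": "c.diaz@example.com", "enabled": True, "mfa": False},
    {"login": "svc-old@example.com", "enabled": True, "mfa": False},
    {"login": "d.kim@example.com", "enabled": False, "mfa": False},
]


def norm(identity):
    """Exports differ in case and stray whitespace; compare normalized."""
    return identity.strip().lower()


def audit_accounts(roster, accounts):
    """Return findings for enabled accounts, grouped by category."""
    status = {norm(p["email"]): p["status"] for p in roster}
    findings = {"former_employee": [], "no_hr_record": [], "missing_mfa": []}
    for acct in accounts:
        if not acct["enabled"]:
            continue  # a disabled account cannot be used to log in
        login = norm(acct["login"])
        hr_status = status.get(login)
        if hr_status is None:
            # Nobody in HR owns this login: shared, service or forgotten
            findings["no_hr_record"].append(login)
        elif hr_status != "active":
            # Person has left but the credentials still work
            findings["former_employee"].append(login)
        elif not acct["mfa"]:
            # Current employee relying on a password alone
            findings["missing_mfa"].append(login)
    return findings


if __name__ == "__main__":
    for category, logins in audit_accounts(HR_ROSTER, ACCOUNTS).items():
        print(f"{category}: {logins}")
```

Running the same comparison against each system's export, rather than only the central directory, catches accounts that were created locally and never tied to offboarding.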
The good news is that these simple steps can go a long way in helping companies ward off attacks and keep their data safe. “Focus on the blocking and tackling and get your cybersecurity to a reasonable level of standard,” says Sherman, who tells companies to work with their supply chain partners to ensure that they’re all taking similar steps. “Together with your key suppliers, you can cover the bases and reach your cybersecurity goals.”
Supply Chain Transparency for Global Organizations
IntelliTrans’ Global Control Tower provides high levels of supply chain transparency; aggregates, completes, and enhances data from a variety of sources; offers visibility into and execution of different aspects of the supply chain; and generates data-driven alerts and analytics that ask deeper questions and deliver meaningful insights.
By leveraging tracking information, the Global Control Tower provides analytics that measure key performance indicators (KPIs) like fleet cycle time, origin/destination dwell time, lane and hauler performance, back orders, freight spend, load optimization, and more. With their rate, equipment, lease, tracking, and invoice data in a central repository that’s accessible 24/7, companies can position themselves for success in any market conditions.