Large organisations’ supply chains are often long and stretch across multiple points. As a result, an organisation’s cyber security is only as strong as the weakest member of its supply chain.
In the first week of the year, Time Warner Cable (TWC), the USA’s second largest cable provider, announced that up to 320,000 of its customers may have had their passwords and email addresses compromised. The company only discovered the leak after the FBI notified it that some of its customers’ email addresses and passwords may have been compromised and put onto the Dark Web. The fact that it took the FBI to bring the issue to the company’s attention suggests that it was not breached directly. Instead, it appears that the details were stolen via other methods.
The most likely culprit is a phishing attack targeting TWC customers. This is likely to have been achieved through a fake customer service email sent to customers or via a fake website. Another possibility is that the credentials were gathered through malware installations or by breaching a subcontractor in a supply chain who had access to some TWC customer information. If this is the case, then it raises two issues: the security of the organisation’s supply chain and phishing attacks.
The company said that it is sending emails and direct mail correspondence to encourage customers to update their email passwords as a precaution.
Supply Chains the Weak Link?
Determined hackers will take advantage of a supply chain by doing their research to learn which companies are in the supply chain of their primary target. They will then go through every part of the supply chain to find a vulnerability, which, once found, they will exploit. Once they find a way in, they can spread malicious software throughout the entire chain.
Often, because of their smaller size and budgets, it is the smaller organisations in the supply chain that are the weakest link, as their cyber security measures are unlikely to be as effective as those of larger ones.
A good way for SMEs to ensure that they take the matter of cyber security seriously is to obtain the Cyber Essentials accreditation. By doing so, they will improve their reputation as a well-defended supply chain partner and will be seen as a safer partner for larger organisations to work with.