InTents June/July 2024 - 38

business | management
Hacking through supply chains
Protect your organization from the security risks brought on by outsourcing.
by Madison Slater
W
hat we now call " hacking " has
been around almost as long as
humans have existed. Today's version
focuses on technology, but the behavior
takes many forms that even go back to
the story of the Trojan horse. Hacking is
simply the act of exploiting a weakness
to gain access to something, whether
that is in a computer system or in
someone's trust of a huge wooden horse
rolling through the gates of a city.
I work for JSCM Group, a cybersecurity
company based in North Carolina. Our
company mission is to help organizations
make their security better. While we hope
to be brought in to help improve security
before there is a problem, the reality is
that some of our largest clients are only
on that list because of a breach. In those
situations, we are dealing with incident
response and the aftermath of a hacker
who got onto the network. When this
happens, the only recourse is damage
control, which, unfortunately, often
means completely wiping everything and
rebuilding, leading to longer recovery
times, higher costs and a loss of business.
The worst part of these situations is
the realization of why it happened. If
these breaches were caused by malicious
intent on the part of someone in
the organization, in a lot of ways that's
an easier pill to swallow. But more often
than not, it was blind faith that led to a
security incident.
Reliance on outsourcing
Most organizations outsource processes
in some way. There is no need to host
38 intents june-july 2024
an email server internally when you
can pay a monthly or annual fee to have
Microsoft or Google do it for you. Even
staffing can be outsourced through the
use of certified public accountants or
managed service providers (MSP) for
information technology (IT). And while
outsourcing processes and systems can
benefit you overall, it's important not to
forget to consider the consequences if
one of those providers gets hacked.
For example, let's say you hired
an MSP to handle your day-to-day IT
support. What happens if the MSP
doesn't have good security practices
itself and gets breached? The data
that the attacker is going after could
very well be information about your
organization. And then, what if there is
some connection that has been set up
between the MSP's network and yours?
Is there anything to stop the hacker
from moving into your environment?
This type of attack is called a " supply
chain attack, " and it has become one
of the leading reasons organizations
are getting breached. Attackers are
compromising an organization's
vendors and then stumbling upon
access to your organization's data or
environment. What makes these attacks
even worse is that because the hackers
are getting access through " trusted "
connections, your guard is even further
lowered, making the outcome much
more disastrous.
So, how do you protect your organization?
It's easy to say, " Stop using vendors
or third parties, " but the reality is
InTents June/July 2024

Table of Contents for the Digital Edition of InTents June/July 2024
