Protecting Asia Pacific’s supply chain from cyber risk

Over the course of the pandemic, one of the biggest disruptions the world faced was to critical national infrastructure, specifically supply chains. Border and port closures, mandated work from home policies, and severe shortages of citizen essential products including PPE and pharmaceuticals, have highlighted vulnerabilities in production, supply, and logistics. Asia is now experiencing a renewed surge in Covid-19 infections, which continues to impact supply chains across the world and manufacturers are yet again faced with complexities. 

A glaring weakness throughout these disruptions have been the silos across the entire value chain of supply – from raw materials, to manufacturing, to distributors and customers. The United Nations estimates around 42% of global exports are sourced in Asia; while some markets, such as Singapore and Hong Kong, are focusing on supply chain digitalisation to ensure supply chain resilience, the growing threat from cyber-attack has also accelerated.  

Many security agencies in the Asia Pacific region have flagged an increase in cyber threats, such as ransomware and online scams, due to the speed and scope of growth of digitalisation and connectivity. The Cyber Security Agency of Singapore (CSA) handled more than 9,000 cases in 2020, targeting areas such as e-commerce, data security, and vaccine-related research and operations. 

More recently, a supply chain ransomware attack against enterprise IT firm Kaseya, caused a knock-on effect across more than 1,000 organisations; according to the firm’s own damage report, these were smaller organisations with thinner wallets: dental practices, architecture firms and libraries. Kaseya served as an efficient distribution hub for the hackers’ poison-pill software with its widely used IT automation SaaS offering, became the unwitting delivery system.

The Kaseya ransomware attack that unfolded in July, presented an emphatic dot-connecting opportunity. Security agencies globally warned customers to shut down servers after the weekend’s cyber-attack on Kaseya’s VSA product. Was this response fast enough? What else should organisations be doing to protect their IT and OT systems and data?  

Supply chain risks threaten critical infrastructure

Supply chain attacks such as this occurs when an attacker gains access to an organisations system through an outside partner – in this instance Kaseya. As you adopt new services or partners to help your business grow, your supply chain environment expands, and so does your attack surface, making you more vulnerable.

Regrettably, supply chain-based attacks are incredibly hard for customers to defend against. Shutting down the affected servers is a sledge-hammer approach. While the intent is good, it won’t prevent these types of attacks if you’re facing a determined adversary. 

While the vectors of many security incidents have remained the same: the speed at which attackers can pivot through an organisation’s network has greatly increased. Further, rapidly evolving cloud environments, combined with this increased risk, are creating a perfect storm. One that’s also highlighting significant skills gaps.

New findings in a PaaS & IaaS Security Survey Report have underlined how the cloud has changed everything we know about security; 100% of the companies surveyed have experienced a security incident but continue to expand their cloud service footprint, deploying new AWS services weekly. The expansion of cloud services has naturally led to increased complexity and risk and the report uncovered some startling blind spots. These include 30% of organisations surveyed have no formal sign-off before pushing to production and 40% of respondents say they do not have a DevSecOps workflow. 

Identifying IT and OT security blind spots  

A truly strong security strategy that covers both endpoint and network is needed to help identify when assets are compromised in a supply chain attack but also give organisations forward notice before they occur. 

Part of that strategy includes assuming you’re going to get breached but ensuring you have the right tools and support in place so an attack can be contained. With the risk of harm obviously no longer limited to sprawling enterprises with huge budgets, the incident should trigger new security discussions in more IT departments across the APAC region. 

To better improve supply chain cyber defences, I’d like to share top three best practice tips: 

  1. Reduce the risk of cloud services being exploited using an AI-driven threat detection and response solution.
  2. Monitor access of the deployment and the configuration of it.
  3. Review and remove admin-level roles that are no longer used and/or needed.

We can expect to see threats to supply chain and other critical national infrastructure over the next few years across a number of scenarios. For instance, healthcare systems remain vulnerable particularly as the global fight against Covid-19 continues and continued demand for remote working will increase attack surfaces. Each site or situation is unique and visibility and agility are the building blocks of effective incident response. Industry and enterprise security teams must adopt an assumed-compromised mindset and focus on early automated detections with context to make fast and informed decisions.