Ransomware in the Supply Chain – Are You at Risk?

7 tips for protecting your community from attacks like the one on Colonial Pipeline  

By LMG Security 

The recent ransomware attack on the Colonial Pipeline showed just how “connected” we all are – and how an attack not only impacts the company itself, but EVERYONE that depends on that organization.  

The ransomware attack on Colonial Pipeline – which supplies gasoline, diesel, and jet fuel to a large chunk of the southern U.S. – encrypted the company’s computers, forcing it to shut down its services and causing interruptions in fuel delivery (no gas for the trucks), regional gas shortages at the pumps (no gas for consumers), and even disruptions in air travel (no fuel for the jets).  

But, did you know everyone who touches a computer within your organization can help prevent a ransomware attack? Read on to learn how one person’s actions can save multiple organizations – including yours – from outages and financial loss. 

How can one ransomware incident impact your organization, as well as your community? 

Cybercrime is like ripples in a pond – one incident can impact the entire ecosystem. If you and every member of your organization use safe cybersecurity practices, you can help protect everyone that relies on you.  

How do cybercriminals spread their malicious software?  

• Hacked email. Your email is a gold mine for cybercriminals, who can use it to reset passwords for other accounts, send phishing emails to your contacts, or steal sensitive information. Often, cybercriminals steal your email password by sending you a phishing email which is designed to trick you into typing your password into a malicious website. Other times, they simply buy your password on the dark web. Once criminals have access to your email, they can target you, your colleagues, and your community with more advanced attacks. 
• Infected computers. Your computer can be infected with malware if you click on a link in a phishing email, open an infected attachment, or download a malicious software utility by mistake. But malware doesn’t stop at your computer—it can open a door for cybercriminals to infect your co-workers or anyone on your home network, too. Remember, we’re all connected!    

So, how do we keep each other safe?  

7 things you can do to keep your organization safe from ransomware: 

1. Think before you click! Some emails may appear legitimate – such as a note from a co-worker asking you to look at an attachment or click on a link – but it could be a cybercriminal in disguise. Phishing (pronounced “fishing”) is a common way for attackers to gain access to an organization’s network. Don’t take the bait. Look for clues that indicate that the email might be a fake – including an unrecognized sender, word misspellings, an attachment that’s an invoice for something you didn’t order, or an unusual sense of urgency. In any case, if an email looks suspicious, don’t click on any links or attachments – they may contain malware that will give the attacker access to your computer. Either delete the email or show it to your IT staff. You can also learn how to spot signs of phishing in this blog. 

1. Create unique passwords. Check out our password cheat sheet for easy tips on strong passwords and login security.  

1. Use a password manager. A smart way to remember strong passwords is to not remember them at all! A password manager is secure software that stores your passwords in an encrypted vault on your computer, or in the cloud. Password manager programs such as LastPass, Dashlane, 1Password or KeePass are popular choices. If you use a cloud-based password manager, make sure to use multi-factor authentication and a strong master password to protect your vault. 

1. Use Multi-Factor Authentication (MFA). In addition to a username and password, many applications use MFA, which adds extra layers of protection to the login process. There are three ways to verify a person’s identity: 

• Something you know – such as a username or password 

• Something you have – a token or authenticator app for example 
• Something you are – such as a fingerprint or retinal scan 

Multi-factor authentication uses more than one method combined, so that if (for example) a hacker steals your password, your account is still protected by another factor. In this way, MFA uses “multiple factors” to verify your identity for safer access. See LMG’s blog, “The Benefits of Multi-factor Authentication” for more details. 

1. Ask before you install new programs or use cloud sharing services. Installing applications on your computer or using cloud-based file-sharing websites without permission can introduce hidden risks. Your IT staff likely has loaded any software you need to do your job and will perform any regular maintenance as needed – such as updates and patches. If you do find you need a different software for work or a vendor asks you to use a cloud-based online storage site, check with your IT staff first. 

1. Educate yourself. Many organizations provide basic, often ongoing in-person training or e-learning on cybersecurity safety. These trainings are not difficult and don’t require a lot of time (even reading this blog counts!) and are designed to help you understand how you can protect your organization – and yourself – from becoming the victim of a cyberattack. 

1. Be a hero. If you are concerned about a suspicious email or link, report it to IT immediately! You can save your company from a serious cyberattack. 

Tips for Leadership: 

Make sure your whole team is aware of the important security tips above! Also, identify your key suppliers, and make sure that they are taking proper security precautions, too. Your organization relies on many external suppliers for services, software, and devices that are critical to your day-to-day operations. Their risk is your risk – so make sure you take precautions.  

Here are a few ways to slash your supply chain ransomware risk:   

1. Include Cybersecurity as Part of your Vendor Management Process. If you don’t already have a supplier vetting program, now is the time to start! And if you do have one, set goals and make improvements. Make a list of your suppliers and prioritize the ones that are critical to your operations or have access to sensitive information. Start by tackling your high-priority suppliers first. Work with your IT team and security advisors to develop a set of minimum standards each vendor or partner must meet, then develop a vendor vetting process to ensure your vendors and partners meet these requirements. Read our vendor vetting blog for best practices and our supply chain security checklist for additional tips. Of course, you also can contact LMG Security for help in setting up your vendor risk management program or vetting vendors.  

1. Limit Supplier Access. By limiting suppliers’ access to your technology resources and sensitive data, you cut down on your work and your supply chain security risks. Giving your vendors only the minimum access they need is a great way to prevent supply chain ransomware from impacting your environment. 

1. Minimize the Ripple Effect. Downtime is one of the costly impacts of a ransomware attack. Your supplier’s downtime can impact you, too, so choose suppliers that have plans to minimize downtime in specific situations such as a cyberattack. Do they define a downtime limit or recovery time objectives (RTOs)? Is their support staff available 24/7? Do they have immediate fail-over capabilities to alternate sites if you can’t afford downtime? These are all questions you should consider. 

1. Involve Key Suppliers in Your Response Planning. When it comes to ransomware attacks, it’s not “if,” it’s “when.” Identify your key suppliers and include them in your cybersecurity response planning and training exercises. Make sure you and your suppliers have both the plans and technology infrastructure to prevent ransomware attacks, as well as the training to triage and minimize the damage in case an attack occurs. 

We are all connected in today’s digital world. Taking simple cybersecurity steps can help protect your organization, as well as your suppliers, customers, and partners from the impacts of a ransomware attack.  

This blog post is distributed with the permission of LMG Security.