
Stopping supply chain attacks with Cisco User Protection Suite

The attack on the dinner party supply chain

A supply chain attack occurs when a malicious actor gains access to a company’s employees and data by compromising a supplier or business partner. Let’s think of this type of attack like a dinner party. You invite your close friends and hire a catering company you know and trust to prepare the food. However, neither you nor the catering company knew that one of the waiters serving your guests had stolen your house key and made a copy. You throw a great party, your friends love the food, and everyone goes home. But later in the week, you come home and realize all your valuables are missing.

To find out who broke into your house, you check the footage from the nanny cam you hid in your child’s stuffed animal, only to discover the waiter roaming around your house while you were away. In this story, the caterer is the vulnerable link in the supply chain. Much like a dinner party, companies must trust all participants in the digital supply chain, because a risk to one supplier can put the entire system at risk – just as the waiter exploited the trust between caterer and customer.

Types of supply chain attacks

Supply chain attacks can be understandably worrying for those responsible for cybersecurity in an organization. According to Verizon’s 2024 Data Breach Investigations Report, security breaches due to supply chain attacks increased from 9% to 15%, a 68% increase year over year. Even if you carefully protect all of your employees, devices, applications, and networks, you have very little control or visibility when an attacker targets an external organization.

Attackers can carry out supply chain attacks in a number of ways. They can plant malicious hardware that is shipped to customers. They can inject malicious code into software updates and packages that are installed by unsuspecting users. Or attackers can break into third-party services, such as managed service providers or HVAC vendors, and use that access to attack their customers.

The supply chain attacks that make the headlines are usually large-scale, and the affected organization has little control over them. However, the most common attacks occur when attackers first target smaller companies (suppliers) in order to get to their customers (the real targets). Consider the following example, in which the compromise of a law firm leads to one or more compromised customers:

Figure: Example of a law firm leading to one or more compromised clients

How the User Protection Suite protects your company

Cisco’s User Protection Suite provides the comprehensive coverage your organization needs to be confident you can protect your users and assets from supply chain attacks. The suite provides email and identity protection, as well as secure application access – all on a secure endpoint. Now let’s think about how a supply chain attack could be prevented at critical moments:

  • Protection against email threats: Email Threat Defense uses multiple machine learning models to detect malicious emails and prevent them from reaching the end user. If someone in your supply chain is compromised and sends you an email with a phishing link or malware, the sophisticated models will detect the threat and quarantine the email, even if the sender is listed as trusted and you have seen the attached document before.
  • Cisco Duo: If a supply chain attacker gains access to an organization’s user credentials by compromising a supplier’s database, it is important to have multi-factor authentication set up. By combining strong authentication methods, such as Passwordless, with the Trusted Endpoints device policy, your company can block unauthorized access. And if there are potential vulnerabilities in identity posture, Duo’s Continuous Identity Security provides cross-platform insights to improve visibility.
  • Secure access: Secure Access ensures that your users access the Internet and private applications securely. Secure Access’ zero-trust access solution enforces least-privilege access, meaning users only get access to the resources they need. This means that even if a supply chain partner is compromised, their access to the network is restricted and you can prevent lateral movement.
  • Secure endpoint: Secure Endpoint provides organizations with the tools to stop and respond to threats. One of these tools is Secure malware analysis, which evaluates suspicious files in a sandbox and provides insights from Talos Threat Intelligence. Cisco evaluates 2,000 malware samples per minute across all Cisco products to prevent malware from reaching the end user. In cases where an endpoint is infected in a supply chain attack, the integration of Secure Endpoint with Duo’s Trusted Endpoints automatically blocks that user’s access until the malware issue is resolved.

Figure: Secure Endpoint's integration with Duo's Trusted Endpoints automatically blocks the user's access until the malware is remediated

The cybersecurity threat landscape can be overwhelming. There are many different types of attacks targeting users who just want to focus on their work. Our goal with User Protection Suite is to enable users to be as productive as possible without worrying about security breaches. Let the users work, and we’ll take care of the security risks to protect your business from the biggest threats.

For more information on how the User Protection Suite can protect your business, see the Cisco User Protection Suite website and contact an expert today.

