By: Michael Sutton

2016 Security Predictions (2 of 10)

Prediction 2: Trusted Partner Attacks

Breaking in through the front door isn’t always the best option, as it tends to be well defended. The same is true in cyber attacks. A head-on assault is expected, but companies rely on a plethora of technology partners and often communicate with them through trusted digital channels. History suggests that enterprises aren’t doing enough to ensure that trusted partners maintain their security to the same standards that would be demanded if those services were delivered internally.

In the past we have seen this with the Target breach, which occurred when Fazio Mechanical, an HVAC vendor, was compromised. Likewise, the OPM breach began with a compromise at KeyPoint Government Solutions. Compromised partner networks aren’t always used to directly access another network but can also play an indirect role in a broader attack. For example, attackers that ultimately targeted JPMorgan Chase, Scottrade and E-Trade for money laundering also compromised G2 Web Services LLC, which specialized in monitoring and blocking fraudulent banking transactions. Once inside the G2 network, they could ensure that their money laundering schemes went undetected. Enterprises are increasingly outsourcing technology to streamline costs in areas that are not a core focus. For attackers, a supplier often has weaker security controls than the larger entity it serves, so a successful compromise can be a gold mine: not only does the breach provide a backdoor into the original target, but it also opens doors to other enterprises being serviced by the same vendor.

Hackers have learned from successful attacks exploiting such relationships and will accelerate their focus in this area in 2016. Enterprises need to extend security policies and procedures beyond their own systems and personnel. Trusted partners should be expected to adhere to the same security controls and be subjected to audits and penetration tests to verify that they are meeting the agreed-upon standards.

Contributed by:

Michael Sutton

CISO, Zscaler
