In late July 2018, CrowdStrike conducted a survey on cyber threats affecting the supply chain. Eighty percent of respondents believe that, over the next three years, supply chain attacks risk becoming one of the main cyber threats their companies will face. However, only a third of them thoroughly verify their suppliers, and even fewer consider their business sufficiently prepared to limit the risks.
What does the survey reveal?
- Most of the companies surveyed report having been the target of an attack: two-thirds of respondents report that their company has faced a supply chain attack, and 90% of them confirm that it had a financial impact (costing more than $1.1 million on average).
- Preferred targets: Few sectors are spared, but the most affected are the pharmaceutical, biotechnology, entertainment, media and computer services industries.
- Companies are ill prepared and feel vulnerable: although nearly 90% of respondents believe they are exposed to the risk of a supply chain attack, they admit they are not sufficiently alert when it comes to detecting and neutralising threats, or to intervening in the event of an incident.
- Vetting of software publishers is not sufficiently stringent: while 90% of respondents consider such vetting to be essential, only one-third subject all of their suppliers to a rigorous check. The companies surveyed clearly recognize the need for a more advanced security assessment, and 58% of decision-makers plan to subject their suppliers to stricter controls.
What is a supply chain attack and what makes it attractive to cyber criminals?
To fully appreciate the results of the survey and the reasons for the recent increase in cyber attacks, it is important to understand exactly what a supply chain attack is. Cyber criminals try to reach their targets by infecting legitimate, trusted applications via the software publishers that produce them. Once they have gained access to a publisher, the hackers modify its products so that they perform malicious actions. The publisher then distributes its software to customers (in the form of legitimate software updates) without realizing that it has been compromised.
What do we recommend?
A number of high-profile incidents, such as the NotPetya and CCleaner hacks in 2017, as well as the entry into force of the new GDPR, highlight the risk of supply chain attacks. This problem damages highly strategic relationships between partners and suppliers. However, as the survey shows, companies lack the knowledge, tools and technologies they need to protect themselves sufficiently. In addition to establishing a careful supplier control procedure, organisations have to fill the security gaps that make them vulnerable to attacks. This objective can be achieved only if they implement effective prevention, detection and intervention technologies.
- Adopt solutions with behaviour-based attack detection: given the complex nature of supply chain attacks, companies must be able to exploit the power of behavioural analysis, and attack indicators in particular. Mitigating the risks posed by the hacking of legitimate applications requires technologies like machine learning that are able to detect recurring patterns in hundreds, thousands or even millions of attacks per day, an impossible task if the company relies on human knowledge alone.
- Anticipate future supply chain attacks through a cyber watch: this provides information on the emergence of new attacks and everything required to understand them in detail and set up a proactive defence.
- Prepare by conducting a maturity assessment of your security architecture and by running supply chain attack simulations. In this way, companies can better understand their current level of risk and benefit from a roadmap designed to improve their cyber protection.
Download the "Global Threat Report 2018" from CrowdStrike® and join us on Thursday 11 October at 4PM in the Pagnol room to continue the discussion with the France CrowdStrike team and its security experts.