Hackers are trying to attack big companies. Small suppliers are the weakest link

Defence companies are a prime target for cyber attackers and the sometimes-poor security of SMBs in the supply chain could be giving them an easy way in, warn researchers.
Written by Danny Palmer, Senior Writer

Cybersecurity vulnerabilities in small and medium-sized businesses in the defence industry are leaving the companies – and larger organisations further up the supply chain – vulnerable to cyberattacks.

Researchers at cybersecurity company BlueVoyant examined hundreds of SMB defence company subcontractor firms and found that over half had severe vulnerabilities within their networks, including unsecured ports and unsupported or unpatched software, making them vulnerable to cyberattacks including data breaches and ransomware.

With the defence industry a prime target for cyber criminals – including state-backed hacking operations attempting to steal intellectual property and other sensitive information – attackers are ready to exploit any weakness they can use to gain access to networks.

SEE: Network security policy (TechRepublic Premium)

Unsecured ports, including remote administration tools and RDP ports, represent one of the most common vulnerabilities, potentially allowing cyber criminals to gain access to networks.

It can be relatively simple for attackers to gain remote access to these services if they're only protected by default or weak credentials, while it's also possible to for attackers to gain access to these services via phishing attacks.

The rise of remote working over the past year has also meant that remote access and cloud services have become a popular means of network entry for cyber criminals, as it's less likely that their activity on the network will be detected as suspicious.

Researchers also found that many of the companies examined were running unpatched or unsupported software, making them vulnerable to cyberattacks that exploit known vulnerabilities – and something they suggest means there's an absence of a patch-management strategy.

Cyber criminals regularly take advantage of known vulnerabilities in an effort to gain access to networks – and in the case of the defence industry, a small contractor being compromised could lead to a larger company on the supply chain being subject to cyberattacks.

"A simple compromise of a valid email address can serve as a great vector to spread a malicious attachment throughout supply chain partners or simply victimize a less prepared contractor to get a foothold in the chain and work their way upstream," Austin Berglas, global head of professional services at BlueVoyant, told ZDNet.

SEE: A winning strategy for cybersecurity (ZDNet special report) | Download the report as a PDF (TechRepublic)

It's often difficult for smaller companies to stay on top of cybersecurity and there's an argument that larger organisations should play a role in helping their supply contractors secure their networks – because by providing this help, not only do they protect their contractors from malicious hackers, they're also ultimately helping to protect their own networks.

"Empowering contractors to secure the supply chain, implementing continuous monitoring, and proactively identifying threats will help secure the defence industrial base and ensure the safety of a vital national security asset," said Berglas.


Editorial standards