
Supply chain risk management: What to do to avoid a cyber security attack

2024 is off to a flying start – for cybercriminals at least. In the aftermath of the massive HWL Ebsworth attack, it’s clear that supply chain risk management and its associated vulnerabilities are more important than ever. Tony Campbell, Kinetic IT PROTECT+ Principal Consultant of Security & Advisory, explains what organisations need to do in the event of a cyber security attack.

Cyber security and supply chain risk management

In case you missed it, media reports in January revealed that a significant hack of law firm HWL Ebsworth in April 2023 had been more widespread than initially thought. A raft of government agencies had been caught in the breach, including the Prime Minister’s Office, as well as everyday Australians, with up to 3.6 terabytes of sensitive data stolen. The breach, attributed to a Russian hacking group known as ALPHV/BlackCat, resulted in the theft – and subsequent publication on the dark web – of more than 2.5 million documents from HWL Ebsworth clients, impacting numerous Australian government agencies and companies.

While HWL Ebsworth has seemingly been transparent about the incident and notified all its clients fairly quickly, the incident itself serves as a stark reminder of the growing threats in our increasingly interconnected digital landscape.


According to the ASD Cyber Threat Report, in the 2022–23 financial year, Australian critical infrastructure networks reported 143 cyber incidents, an increase from 95 in the previous year. Most of these were low-level attacks or isolated compromises. Additionally, extortion-related cyber security incidents increased by around 8%, while incidents involving Denial of Service (DoS) and Distributed Denial of Service (DDoS) more than doubled to 79, compared to 29 in the previous year.

In that same period, the professional, scientific and technical services sector, along with retail, trade and construction, accounted for about a third of cybercrime reports from Australian organisations. Furthermore, self-reported losses to ReportCyber from business email compromise incidents totalled nearly $80 million – with more than 2000 reports leading to financial losses, averaging over $39,000 per incident.

Supply chain risk management more important than ever

What the HWL Ebsworth hack does, though, is underscore an important reality for business leaders, particularly those at the C-level: the importance of robust supply chain risk management processes. As technology continues to advance and interconnectivity increases, with most organisations now leveraging a vast array of off-premises services via the cloud, the potential for cascading failure from a single breach grows significantly.

The HWL Ebsworth incident highlights the necessity for organisations to adopt a proactive stance in managing cyber risk, and emphasises the importance of comprehensive cyber security strategies that extend beyond their immediate operational boundaries to include all aspects of their supply chain.


The takeaway from this incident is that no-one is safe: even with the best cyber security controls internally, your supply chain has vulnerabilities that, if exploited, can be just as harmful as any attack on your internal systems. The HWL Ebsworth incident is not just a wake-up call; it’s a reminder, as we kick off the new business year, that the continuing barrage of cyber-attacks we are all facing won’t let up. It’s imperative to understand the gravity of these risks and implement robust management protocols and standards to protect data, reputation, and operational integrity.

Three simple supply chain risk management strategies

Supply chain risk management often extends to Software as a Service (SaaS) vendors, consultants, and other third-party service providers, and requires a more expansive approach to managing risk than organisations are sometimes used to. There are various ways to make this work, but here are three simple strategies that can help:

Conduct Rigorous Vendor Risk Assessments

Due Diligence: Before engaging with any supplier or vendor, conduct thorough due diligence to assess their cyber security practices and standards. This should include evaluating their security policies, incident response plans, and compliance with relevant industry standards.

Regular Audits: Regularly audit your suppliers’ cyber security measures to ensure they maintain the required security standards. This can include reviewing their security certifications (such as ISO 27001) or conducting periodic security assessments.

Establish Clear Security Requirements and Contracts

Contractual Agreements: Include specific cyber security requirements in contracts with third-party vendors. This should cover aspects such as data handling, encryption standards, and incident reporting protocols.

Data Access and Control: Limit data access to what is strictly necessary for the vendor to perform their services. Implement controls to monitor and manage how your data is accessed and used by third parties.

Develop a Collaborative Approach to Cyber Security

Shared Responsibility: Foster a sense of shared responsibility for cyber security with your vendors. This can involve joint training sessions, sharing best practices, and regular communication about potential threats.

Incident Response Planning: Include your supply chain partners in your incident response planning. Ensure that there are clear protocols for how to respond to a breach, including notification procedures and coordinated response strategies.

Good supply chain risk management processes are more crucial than ever, and failure to keep abreast of them could have far-reaching consequences. It’s on all of us to take proactive action to mitigate the ripple effects of a cyber security breach – this collaborative approach will quickly mature your cyber security practices across the board, and best prepare your organisation for whatever comes.

Want to talk to an expert? Contact Kinetic IT’s PROTECT+ cyber security advisory to understand how we can enhance your organisation’s line of defence.