Rogue Devices in the Supply Chain - You’re the weakest link, goodbye!
Author: Sepio Systems
When tampering with hardware, the Supply Chain is often the ideal target, and you are only as strong as your weakest link. At any point throughout the network, a device can be manipulated by a bad actor. These Rogue Devices, which have the intention of causing damage, can be transmitted by the supplier to the end user.
For a number of reasons, the supply chain is an appealing target, and in today’s globalised world it is only becoming easier for a perpetrator to carry out an attack through this vector. Importantly, Supply Chains are extremely interconnected, meaning that suppliers often have access to the organisation’s sensitive information, which is a key attraction for bad actors.
Rogue Devices, being malicious by nature, can target the endpoint or the network. When targeting the endpoint, they will be recognised as genuine HIDs, thus not showing any anomalies to security software. Network Implants sit on the Physical Layer, which is not covered by security software; therefore, again, there are no abnormalities.
Due to the sneaky characteristics of these devices, there are no alarms raised to the security department and, as a result, no action is taken.
Rogue Devices in the Supply Chain - Risks
Thanks to globalisation, Supply Chains are becoming increasingly complex networks. As a result, it is harder to exert control over all suppliers. This includes controlling and monitoring employee training and security measures. Moreover, a large supply chain means more entry points for attackers. Not only is this appealing as there are more ways to carry out an attack, but it also makes it more difficult for the victim to identify the origin of the attack, as well as the perpetrator. Additionally, a larger Supply Chain inevitably means more employees and, since employees are the greatest risk to any organisation, this risk is only amplified. Whether staff act carelessly or with malicious intent, the dangers they pose to the organisation are not to be taken lightly.
Again, thanks to globalisation, a lot of jobs are outsourced to foreign suppliers. This is extremely risky in a world where cyberwarfare is proliferating, as it allows state-sponsored hackers to more easily infiltrate the target. Having foreign suppliers is also perilous as some countries do not have the same standards of security as others and lax security measures make it easier for a bad actor to infiltrate the supply chain. Insufficient security is an immense vulnerability in the Supply Chain.
Sometimes security gaps are due to financial constraints; at other times, there is no security option for the risk. This is the case when discussing the risk of Rogue Devices. An organisation is only as strong as its weakest link: if an organisation implements advanced security features, yet its suppliers do not, then those features are essentially ineffective, as an attack on one component of the Supply Chain will have a ripple effect throughout the network.
Rogue Devices in the Supply Chain - Mitigation
Employee training is the first port of call when attempting to increase protection against cyber threats. Staff need to be educated on the cyber risks they pose to the organisation and the ways in which they can prevent an attack from occurring. Education must be continuous to keep up with the savvy techniques that attackers are deploying.
Know Your Supply Chain is a concept whereby an organisation attempts to secure all components of the Supply Chain. It is imperative to know the answers to the following questions:
- Which organisations make up the supply chain?
- Where do vendors source their parts?
- Who integrates the components that your vendor buys?
- Who do your vendors outsource jobs to when they are overloaded?
- What security features does your vendor have in place?
Many leading vendors offer guidelines in relation to Supply Chain security that organisations can follow in order to provide greater protection to the enterprise. Governments’ defence departments also take action to ensure the risks of a cyberattack are minimised, and following these regulations will also provide greater protection. Continuous checks, although tedious, are one of the simplest ways to reduce the risk of a cyberattack. There should be continuous monitoring of hardware to check that there has been no manipulation, in order to avoid a Rogue Device attack.
Is this enough?
Although these mitigation proposals provide enhanced protection, they are still not foolproof ways to substantially reduce the risk of a Rogue Device attack. Organisations need to equip themselves with a more comprehensive security policy which includes rogue device detection and mitigation; Sepio Systems provides exactly that and is the only company that does, leading the Rogue Device Mitigation (RDM) market. By uncovering hidden hardware attacks operating over network and USB interfaces, Sepio’s SaaS solution provides the ultimate visibility of the enterprise’s IT assets. No device goes undetected, whether it’s a USB gadget or an unmanaged Ethernet switch. Through this total visibility, a stronger cybersecurity posture is achieved. You no longer need to rely on manual reporting, legacy inventory reports and employee compliance to determine if there is a vulnerable device installed by an over-eager employee with good intentions, or through a compromised supply chain.
Answering questions like:
- Do we have an implant or spoofed device in our network?
- How many IoT devices do we have?
- Who are the top 5 vendors for devices found in our network?
- Where are the most vulnerable network switches in our network?
now becomes the easiest task. The SepioPrime centralized management system presents the overall status and security dashboards and is used for defining and distributing the device usage policy across an organisation.