ISLAND HOPPING

Attackers will look to infiltrate target organisations through smaller companies that work with the target. The term refers to a military tactic where smaller entities are captured and leveraged in order to get to an original target.

Island Hopping is effectively a Supply Chain attack. Attackers are banking on the assumption that smaller companies will be easier to compromise, and from there they can take advantage of any shared systems and/or the trust between organisations.

 

ADVICE

Understand the security risks involved with your supply chain
Build a picture of who your suppliers are and what their security looks like. Do you know what needs to be protected and why?

Raise awareness of security with your supply chain
Communicate your needs to your suppliers, build it into your contracting processes, and meet your own security responsibilities both as a consumer and supplier. For example, the government backed Cyber Essentials scheme can be an indicator that companies have a commitment to cyber security, and have taken steps to guard themselves against the most common cyber threats. Details about the scheme can be found at https://www.cyberessentials.ncsc.gov.uk/

Seek continuous improvement of security within your supply chain, and build trust with your suppliers

Educate and train staff to defend against Phishing attacks
For advice on how to spot and defend against phishing, see the NCSC's guide on this at https://www.ncsc.gov.uk/phishing

The Take Five campaign is a national campaign encouraging people to stop and think about whether a situation is genuine. Visit the website at
https://takefive-stopfraud.org.uk/advice/

Device security
As a minimum, organisations need to ensure that devices are always fully patched and have anti-malware/anti-virus software in place. This should apply to ALL of your devices, including phones/tablets/printers/routers/internet enabled cameras/IoT devices etc.

Reporting
If you've been affected by this or any other type of cyber crime, report the details to Action Fraud (0300 123 2040 / www.actionfraud.police.uk). Always keep an eye out for any suspicious follow up activity as well.

By using this website you agree to our use of cookies to enhance your experience. I understand

Nuclear Conference

Nuclear South West Conference 2019

The Somerset Cyber Group (with BLUELOOP being one of the members) will be exhibiting at the upcoming Nuclear South West Conference 2019 at The McMillan Theatre, Bridgwater on 2nd and 3rd October 2019.

With a theme of ‘Bringing Innovation to Nuclear’, this two-day showcase and conference highlights current and future opportunities in New Build, Decommissioning, Defence and new technologies, including SMRs. 

Our team will be on hand to discuss basic steps in good Cyber Security practice to ensure that all members of the supply chains, no matter how large or small, can ensure that they aren’t the weakest link.

For more information visit: https://nuclearsouthwest.co.uk/events or to book, visit: https://lnkd.in/dGfZ5Dz