Attackers will look to infiltrate target organisations through smaller companies that work with the target. The term refers to a military tactic where smaller entities are captured and leveraged in order to get to an original target.
Island Hopping is effectively a Supply Chain attack. Attackers are banking on the assumption that smaller companies will be easier to compromise, and from there they can take advantage of any shared systems and/or the trust between organisations.
Understand the security risks involved with your supply chain
Build a picture of who your suppliers are and what their security looks like. Do you know what needs to be protected and why?
Raise awareness of security with your supply chain
Communicate your needs to your suppliers, build it into your contracting processes, and meet your own security responsibilities both as a consumer and supplier. For example, the government backed Cyber Essentials scheme can be an indicator that companies have a commitment to cyber security, and have taken steps to guard themselves against the most common cyber threats. Details about the scheme can be found at https://www.cyberessentials.ncsc.gov.uk/
Seek continuous improvement of security within your supply chain, and build trust with your suppliers
Educate and train staff to defend against Phishing attacks
For advice on how to spot and defend against phishing, see the NCSC's guide on this at https://www.ncsc.gov.uk/phishing
The Take Five campaign is a national campaign encouraging people to stop and think about whether a situation is genuine. Visit the website at
As a minimum, organisations need to ensure that devices are always fully patched and have anti-malware/anti-virus software in place. This should apply to ALL of your devices, including phones/tablets/printers/routers/internet enabled cameras/IoT devices etc.
If you've been affected by this or any other type of cyber crime, report the details to Action Fraud (0300 123 2040 / www.actionfraud.police.uk). Always keep an eye out for any suspicious follow up activity as well.