{"id":5970,"date":"2021-05-20T14:11:33","date_gmt":"2021-05-20T14:11:33","guid":{"rendered":"https:\/\/heliview.be\/cyber-security\/?p=5970"},"modified":"2021-05-20T15:10:06","modified_gmt":"2021-05-20T15:10:06","slug":"insider-threats-supply-chains-and-iot-breaking-down-a-modern-day-cyber-attack","status":"publish","type":"post","link":"https:\/\/heliview.com\/cyber-resilience-belgium\/insider-threats-supply-chains-and-iot-breaking-down-a-modern-day-cyber-attack\/","title":{"rendered":"Insider threats, supply chains, and IoT: Breaking down a modern-day cyber-attack"},"content":{"rendered":"
[vc_row][vc_column width=”2\/3″][vc_column_text]It\u2019s ten to five on a Friday afternoon. A technician has come in to perform a routine check on an electronic door. She enters the office with no issues \u2013 she works for a trusted third-party vendor, employees see her every week. She opens her laptop and connects to the Door Access Control Unit, a small Internet of Things (IoT) device used to operate the smart lock. Minutes later, trojans have been downloaded onto the company network, a crypto-mining operation has begun, and there is evidence of confidential data being exfiltrated. Where did things go wrong?<\/p>\n

Written by Brianna Leddy, Director of Analysis<\/a><\/p>\n

Threats in a business: A new dawn surfaces<\/h3>\n

As organizations keep pace with the demands of digital transformation, the attack surface has become broader than ever before. There are numerous points of entry for a cyber-criminal \u2013 from vulnerabilities in IoT ecosystems, to blind spots in supply chains, to insiders misusing their access to the business. Darktrace sees these threats every day. Sometimes, like in the real-world example above, which will be examined in this blog, they can occur in the very same attack.<\/p>\n

Insider threats can use their familiarity and level of access to a system as a critical advantage when evading detection and launching an attack. But insiders don\u2019t necessarily have to be malicious. Every employee or contractor is a potential threat: clicking on a phishing link or accidentally releasing data often leads to wide-scale breaches.<\/p>\n

At the same time, connectivity in the workspace \u2013 with each IoT device communicating with the corporate network and the Internet on its own IP address \u2013 is an urgent security issue. Access control systems, for example, add a layer of physical security by tracking who enters the office and when. However, these same control systems imperil digital security by introducing a cluster of sensors, locks, alarm systems, and keypads, which hold sensitive user information and connect to company infrastructure.<\/p>\n

Furthermore, a significant proportion of IoT devices are built without security in mind. Vendors prioritize time-to-market and often don\u2019t have the resources to invest in baked-in security measures. Consider the number of start-ups which manufacture IoT \u2013\u00a0over 60%<\/a>\u00a0of home automation companies have fewer than ten employees.<\/p>\n

Insider threat detected by Cyber AI<\/h3>\n

In January 2021, a medium-sized North American company suffered a supply chain attack when a third-party vendor connected to the control unit for a smart door.[\/vc_column_text]

\r\n Read complete article<\/span><\/a>\r\n Get your ticket to online event<\/span><\/a>\r\n \r\n <\/div>[\/vc_column][vc_column width=”1\/3″][vc_wp_search][vc_wp_posts title=”More news” number=”3″]
[vc_row][vc_column][vc_raw_html]JTNDZGl2JTIwY2xhc3MlM0QlMjJsZ3gtc3Vic2NyaWJlci1hcmVhJTIyJTNFJTBBJTNDZm9ybSUyMGNsYXNzJTNEJTIybmV3c2xldHRlciUyMiUzRSUwQSUzQ2xhYmVsJTNFJTIwU3Vic2NyaWJlJTIwdG8lMjBuZXdzbGV0dGVyJTNDaW5wdXQlMjB0eXBlJTNEJTIydGV4dCUyMiUyMGlkJTNEJTIyRW1haWxBZGRyZXNzTmV3c2xldHRlciUyMiUyMG5hbWUlM0QlMjJlbWFpbCUyMiUyMHBsYWNlaG9sZGVyJTNEJTIyWW91ciUyMGUtbWFpbCUyMGFkZHJlc3MlMjIlMjAlMkYlM0UlM0MlMkZsYWJlbCUzRSUwQSUzQ2lucHV0JTIwdHlwZSUzRCUyMmJ1dHRvbiUyMiUyMGNsYXNzJTNEJTIybGd4LWJ0biUyMiUyMHZhbHVlJTNEJTIyU3Vic2NyaWJlJTIyJTIwb25jbGljayUzRCUyMldlYnNpdGUuU3Vic2NyaWJlVG9OZXdzbGV0dGVyJTI4JTI3ODUxMjkyMjk1MjQyJTI3JTI5JTIyJTNFJTBBJTNDZGl2JTIwaWQlM0QlMjJOZXdzbGV0dGVyU3VjY2VzcyUyMiUyMGNsYXNzJTNEJTIybmlldXdzYnJpZWYtc3VjY2VzJTIwaGlkZGVuJTIyJTNFVGhhbmslMjB5b3UlMkMlMjB5b3VyJTIwcmVnaXN0cmF0aW9uJTIwaGFzJTIwYmVlbiUyMHNlbnQlMjElM0MlMkZkaXYlM0UlMEElM0NkaXYlMjBpZCUzRCUyMk5ld3NsZXR0ZXJFcnJvciUyMiUyMGNsYXNzJTNEJTIybmlldXdzYnJpZWYtZXJyb3IlMjBoaWRkZW4lMjIlM0VVbmZvcnR1bmF0ZWx5JTIwc29tZXRoaW5nJTIwd2VudCUyMHdyb25nJTNCJTIwWW91ciUyMHJlZ2lzdHJhdGlvbiUyMGZhaWxlZC4lMjBQbGVhc2UlMjB0cnklMjBhZ2FpbiUyMGxhdGVyLiUzQyUyRmRpdiUzRSUwQSUzQyUyRmZvcm0lM0UlMEElM0MlMkZkaXYlM0U=[\/vc_raw_html][\/vc_column][\/vc_row]\n<\/div>[\/vc_column][\/vc_row][vc_row full_width=”stretch_row” css=”.vc_custom_1618502179043{background-color: #ffffff !important;}”][vc_column width=”1\/2″][vc_row_inner el_id=”tickets”][vc_column_inner][\/vc_column_inner][\/vc_row_inner][\/vc_column][vc_column width=”1\/2″]
\r\n

More about Cyber Security?<\/h2>\r\n

<\/h3> \r\n <\/div>[vc_column_text]Register for the online event Cyber Security Belgium<\/strong>. This event is completely online and starts on the 4th<\/sup> of June<\/strong>! From that moment you\u2019ll have 30 days<\/strong> of access to on demand videos<\/strong> and exclusive LIVE sessions<\/strong>. Don\u2019t wait too long to register, as the LIVE sessions have limited places.[\/vc_column_text][\/vc_column][\/vc_row]\n<\/div>","protected":false},"excerpt":{"rendered":"

[vc_row][vc_column width=”2\/3″][vc_column_text]It\u2019s ten to five on a Friday afternoon. A technician has come in to perform a routine check on an electronic door. She enters the office with no issues \u2013 she works for a trusted third-party vendor, employees see her every week. She opens her laptop and connects to the Door Access Control Unit, […]<\/p>\n","protected":false},"author":6,"featured_media":5971,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[14,13,26],"tags":[],"yoast_head":"\r\nInsider threats, supply chains, and IoT: Breaking down a modern-day cyber-attack - Cyber Resilience Conference<\/title>\r\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\r\n<link rel=\"canonical\" href=\"https:\/\/www.darktrace.com\/en\/blog\/insider-threats-supply-chains-and-io-t-breaking-down-a-modern-day-cyber-attack\/\" \/>\r\n<meta property=\"og:locale\" content=\"en_US\" \/>\r\n<meta property=\"og:type\" content=\"article\" \/>\r\n<meta property=\"og:title\" content=\"Insider threats, supply chains, and IoT: Breaking down a modern-day cyber-attack - Cyber Resilience Conference\" \/>\r\n<meta property=\"og:description\" content=\"[vc_row][vc_column width=”2\/3″][vc_column_text]It\u2019s ten to five on a Friday afternoon. A technician has come in to perform a routine check on an electronic door. She enters the office with no issues \u2013 she works for a trusted third-party vendor, employees see her every week. She opens her laptop and connects to the Door Access Control Unit, […]\" \/>\r\n<meta property=\"og:url\" content=\"https:\/\/www.darktrace.com\/en\/blog\/insider-threats-supply-chains-and-io-t-breaking-down-a-modern-day-cyber-attack\/\" \/>\r\n<meta property=\"og:site_name\" content=\"Cyber Resilience Conference\" \/>\r\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/HeliviewCT\" \/>\r\n<meta property=\"article:published_time\" content=\"2021-05-20T14:11:33+00:00\" \/>\r\n<meta property=\"article:modified_time\" content=\"2021-05-20T15:10:06+00:00\" \/>\r\n<meta property=\"og:image\" content=\"https:\/\/heliview.com\/cyber-resilience-belgium\/wp-content\/uploads\/sites\/56\/2021\/05\/cyber.jpg\" \/>\r\n\t<meta property=\"og:image:width\" content=\"1140\" \/>\r\n\t<meta property=\"og:image:height\" content=\"350\" \/>\r\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\r\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\r\n<meta name=\"twitter:creator\" content=\"@HeliviewConf\" \/>\r\n<meta name=\"twitter:site\" content=\"@HeliviewConf\" \/>\r\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\r\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/heliview.com\/cyber-resilience-belgium\/insider-threats-supply-chains-and-iot-breaking-down-a-modern-day-cyber-attack\/\",\"url\":\"https:\/\/www.darktrace.com\/en\/blog\/insider-threats-supply-chains-and-io-t-breaking-down-a-modern-day-cyber-attack\/\",\"name\":\"Insider threats, supply chains, and IoT: Breaking down a modern-day cyber-attack - Cyber Resilience Conference\",\"isPartOf\":{\"@id\":\"https:\/\/heliview.com\/cyber-resilience-belgium\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.darktrace.com\/en\/blog\/insider-threats-supply-chains-and-io-t-breaking-down-a-modern-day-cyber-attack\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.darktrace.com\/en\/blog\/insider-threats-supply-chains-and-io-t-breaking-down-a-modern-day-cyber-attack\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/heliview.com\/cyber-resilience-belgium\/wp-content\/uploads\/sites\/56\/2021\/05\/cyber.jpg\",\"datePublished\":\"2021-05-20T14:11:33+00:00\",\"dateModified\":\"2021-05-20T15:10:06+00:00\",\"author\":{\"@id\":\"\"},\"breadcrumb\":{\"@id\":\"https:\/\/www.darktrace.com\/en\/blog\/insider-threats-supply-chains-and-io-t-breaking-down-a-modern-day-cyber-attack\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.darktrace.com\/en\/blog\/insider-threats-supply-chains-and-io-t-breaking-down-a-modern-day-cyber-attack\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.darktrace.com\/en\/blog\/insider-threats-supply-chains-and-io-t-breaking-down-a-modern-day-cyber-attack\/#primaryimage\",\"url\":\"https:\/\/heliview.com\/cyber-resilience-belgium\/wp-content\/uploads\/sites\/56\/2021\/05\/cyber.jpg\",\"contentUrl\":\"https:\/\/heliview.com\/cyber-resilience-belgium\/wp-content\/uploads\/sites\/56\/2021\/05\/cyber.jpg\",\"width\":1140,\"height\":350},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.darktrace.com\/en\/blog\/insider-threats-supply-chains-and-io-t-breaking-down-a-modern-day-cyber-attack\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/heliview.com\/cyber-resilience-belgium\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Insider threats, supply chains, and IoT: Breaking down a modern-day cyber-attack\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/heliview.com\/cyber-resilience-belgium\/#website\",\"url\":\"https:\/\/heliview.com\/cyber-resilience-belgium\/\",\"name\":\"Cyber Resilience Conference\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/heliview.com\/cyber-resilience-belgium\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"\"}]}<\/script>\r\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Insider threats, supply chains, and IoT: Breaking down a modern-day cyber-attack - Cyber Resilience Conference","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.darktrace.com\/en\/blog\/insider-threats-supply-chains-and-io-t-breaking-down-a-modern-day-cyber-attack\/","og_locale":"en_US","og_type":"article","og_title":"Insider threats, supply chains, and IoT: Breaking down a modern-day cyber-attack - Cyber Resilience Conference","og_description":"[vc_row][vc_column width=”2\/3″][vc_column_text]It\u2019s ten to five on a Friday afternoon. A technician has come in to perform a routine check on an electronic door. She enters the office with no issues \u2013 she works for a trusted third-party vendor, employees see her every week. She opens her laptop and connects to the Door Access Control Unit, […]","og_url":"https:\/\/www.darktrace.com\/en\/blog\/insider-threats-supply-chains-and-io-t-breaking-down-a-modern-day-cyber-attack\/","og_site_name":"Cyber Resilience Conference","article_publisher":"https:\/\/www.facebook.com\/HeliviewCT","article_published_time":"2021-05-20T14:11:33+00:00","article_modified_time":"2021-05-20T15:10:06+00:00","og_image":[{"width":1140,"height":350,"url":"https:\/\/heliview.com\/cyber-resilience-belgium\/wp-content\/uploads\/sites\/56\/2021\/05\/cyber.jpg","type":"image\/jpeg"}],"twitter_card":"summary_large_image","twitter_creator":"@HeliviewConf","twitter_site":"@HeliviewConf","twitter_misc":{"Written by":"","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/heliview.com\/cyber-resilience-belgium\/insider-threats-supply-chains-and-iot-breaking-down-a-modern-day-cyber-attack\/","url":"https:\/\/www.darktrace.com\/en\/blog\/insider-threats-supply-chains-and-io-t-breaking-down-a-modern-day-cyber-attack\/","name":"Insider threats, supply chains, and IoT: Breaking down a modern-day cyber-attack - Cyber Resilience Conference","isPartOf":{"@id":"https:\/\/heliview.com\/cyber-resilience-belgium\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.darktrace.com\/en\/blog\/insider-threats-supply-chains-and-io-t-breaking-down-a-modern-day-cyber-attack\/#primaryimage"},"image":{"@id":"https:\/\/www.darktrace.com\/en\/blog\/insider-threats-supply-chains-and-io-t-breaking-down-a-modern-day-cyber-attack\/#primaryimage"},"thumbnailUrl":"https:\/\/heliview.com\/cyber-resilience-belgium\/wp-content\/uploads\/sites\/56\/2021\/05\/cyber.jpg","datePublished":"2021-05-20T14:11:33+00:00","dateModified":"2021-05-20T15:10:06+00:00","author":{"@id":""},"breadcrumb":{"@id":"https:\/\/www.darktrace.com\/en\/blog\/insider-threats-supply-chains-and-io-t-breaking-down-a-modern-day-cyber-attack\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.darktrace.com\/en\/blog\/insider-threats-supply-chains-and-io-t-breaking-down-a-modern-day-cyber-attack\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.darktrace.com\/en\/blog\/insider-threats-supply-chains-and-io-t-breaking-down-a-modern-day-cyber-attack\/#primaryimage","url":"https:\/\/heliview.com\/cyber-resilience-belgium\/wp-content\/uploads\/sites\/56\/2021\/05\/cyber.jpg","contentUrl":"https:\/\/heliview.com\/cyber-resilience-belgium\/wp-content\/uploads\/sites\/56\/2021\/05\/cyber.jpg","width":1140,"height":350},{"@type":"BreadcrumbList","@id":"https:\/\/www.darktrace.com\/en\/blog\/insider-threats-supply-chains-and-io-t-breaking-down-a-modern-day-cyber-attack\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/heliview.com\/cyber-resilience-belgium\/"},{"@type":"ListItem","position":2,"name":"Insider threats, supply chains, and IoT: Breaking down a modern-day cyber-attack"}]},{"@type":"WebSite","@id":"https:\/\/heliview.com\/cyber-resilience-belgium\/#website","url":"https:\/\/heliview.com\/cyber-resilience-belgium\/","name":"Cyber Resilience Conference","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/heliview.com\/cyber-resilience-belgium\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Person","@id":""}]}},"_links":{"self":[{"href":"https:\/\/heliview.com\/cyber-resilience-belgium\/wp-json\/wp\/v2\/posts\/5970"}],"collection":[{"href":"https:\/\/heliview.com\/cyber-resilience-belgium\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/heliview.com\/cyber-resilience-belgium\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/heliview.com\/cyber-resilience-belgium\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/heliview.com\/cyber-resilience-belgium\/wp-json\/wp\/v2\/comments?post=5970"}],"version-history":[{"count":1,"href":"https:\/\/heliview.com\/cyber-resilience-belgium\/wp-json\/wp\/v2\/posts\/5970\/revisions"}],"predecessor-version":[{"id":5972,"href":"https:\/\/heliview.com\/cyber-resilience-belgium\/wp-json\/wp\/v2\/posts\/5970\/revisions\/5972"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/heliview.com\/cyber-resilience-belgium\/wp-json\/wp\/v2\/media\/5971"}],"wp:attachment":[{"href":"https:\/\/heliview.com\/cyber-resilience-belgium\/wp-json\/wp\/v2\/media?parent=5970"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/heliview.com\/cyber-resilience-belgium\/wp-json\/wp\/v2\/categories?post=5970"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/heliview.com\/cyber-resilience-belgium\/wp-json\/wp\/v2\/tags?post=5970"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}