Wake up call
It may surprise you that up to 80% of IT security breaches may originate in the supply chain. Some of the most high-profile hacks were at Target, Home Depot, Sony, Sears and JP Morgan Chase. The scale of the hacks is staggering. The Home Depot hack involved the compromise of 65 million customer accounts, and the JP Morgan Chase hack had an impact on 7 million businesses. Perhaps the most interesting was Target: not only did the hackers gain access to the personal information of some 70 million customers, but the manner in which they did so is illuminating. They breached security by stealing network credentials from Fazio Mechanical Services, a provider of heating, ventilation and air conditioning (HVAC). How did they steal them? By stealing credentials from a supplier to Fazio. So Target was compromised through its supply chain at two removes. The other noteworthy point is that this was an HVAC supplier. What could have been stolen if it had been a firm of external auditors doing work in Target, or a management consultancy? A corporation the size of Target surely had a few management consultants working on something at any one time. Or, even more lethal, the law firm(s) used by Target.