Secondary targeting: how to strengthen the weakest link in your cybersecurity defence

Imagine your company is a castle — your cybersecurity defence is the wall and moat surrounding it. You’ve built a strong wall, a deep moat, and you go to great lengths to ensure these defences are maintained. But every day, you allow allies from a neighbouring town to cross your drawbridge and enter the castle to do business. It’s an essential part of your supply chain — but it can be hard to keep track of everyone. How can you ensure your security remains intact?

Threat actors tend to target the weakest link of a business. No surprises there. But according to ESET, we’re often so focused on ameliorating our own vulnerabilities that we forget to look further afield. And that’s where secondary targeting, or supply-chain cyberattacks, come into play.

Read on for ESET’s rundown of what secondary targeting is, how you can detect it, and what steps you can take to protect your business — and your wider network — from harm.

What is secondary targeting and how does it work?

Today, businesses are more interconnected than ever before. Whether it’s through file-sharing apps, emails, or other online systems, it’s rare to find a company that operates in a complete vacuum. Our digital networks make it possible to work effectively with partners, suppliers, clients, and stakeholders on a daily basis. But more connections also mean more cybersecurity risks — including the risk of secondary targeting.

Secondary targeting is where cyberattackers gain access to the networks of a business connected to another, higher value, primary target, such as a company holding large amounts of confidential customer data. These secondary targets are usually companies in a supply chain, providing products or services to the target company such as recruitment, design, accountancy, legal, or catering.

According to the Australian Cyber Security Centre (ACSC), secondary targeting has escalated in recent years, largely due to the increase of cybersecurity awareness and defence measures in the private and public sectors. When a threat actor attempts to target a high value network but encounters a strong defence, the attacker will instead try to access other, weaker targets that are connected to the original target.

Are there weak links in your supply chain?

If your company is a likely primary target of a data breach, then you may be at risk of being attacked via secondary targeting. So how can you identify a “weak link” in your supply-chain network?

Weak links have a number of characteristics that make them an attractive secondary target. The key requirement, of course, is that they have a weak cybersecurity posture, making it easy for threat actors to access their network.

The second requirement is that they are linked to the primary target — your company — in some way. They may hold the same data as your business, or have connections to your network, or can provide the attackers with the information they need to eventually compromise your network.

According to the ACSC, typical secondary targets include:

• A company, such as a partner or supplier, that shares a direct connection with your network.
• A company that holds digital records relating to your business, such as your employees’ names, emails or financial information — data that would help support a spear phishing campaign directed at your company.
• A connection that allows an attacker to gain access to credentials to allow access to your network that seems “legitimate”, and so goes unnoticed.
• A supplier of software or other products on a secondary network that can be compromised with malicious content, and then installed on your network.

Are you the weak link in someone else’s network?

As an SMB owner you may be just as likely to be a secondary target, unknowingly aiding an attacker in reaching their primary goal. Even if you’re a small company, it’s important to think about who you are connected with, and what a cybercriminal might look to gain by accessing your network or data. Do you have weak cybersecurity defences? Are you sharing a network with any companies or customers that might be considered high value to a hacker?

For example, you may have a connection between your network and that of a partner, who is a major healthcare company holding the medical records of thousands of patients. That data could be at risk if your own company’s network is breached.

It’s important for every company to take responsibility for the security of business partners’, employees’, and customers’ data it may have direct or secondary access to. This is especially critical in light of recent laws such as Australia's mandatory Data Breach Notification and the EU General Data Protection Regulation. But a strong security posture won’t just help you avoid compliance, legal and financial trouble — it will also help you maintain strong business relationships, a good reputation, and encourage others to work with you in the future.

Steps you can take to prevent secondary targeting

So how can you ensure you’re not a direct or indirect victim of secondary targeting? There are a number of best practices in supply chain risk management that you can follow:

1. Run an audit of the companies who have access to your network or valuable data. Assess the cybersecurity defence of these organisations, and keep these records up to date.
2. Where possible, limit the number of companies that have access to your network or data, and ensure they can only access the systems and data they absolutely need.
3. If you start a new business partnership that requires sharing network access, assess the levels of cybersecurity defence of the other business, and include clauses in your contracts on specific security policies and meeting relevant regulatory requirements such as the Notifiable Data Breaches scheme, GDPR, and so on.
4. Train your employees to recognise and react to typical signs of a security breach, include secondary targeting in your incident response plan, and encourage your business partners to do the same.
5. Real-time tracking and visibility is essential to preventing or mitigating any kind of cybersecurity breach. Your security strategy needs to be as proactive and adaptable as the threats you are facing.

Keeping every base covered

Following these measures will help mitigate the risks of secondary targeting for your business — but you can’t guarantee that every company you connect with will do the same. Having additional security controls in place, such as those provided by the ESET Security Solution Pack, will help ensure both your network and connected networks stay secure.

Image credit: ©stock.adobe.com/au/Production Perig