Security has never been enough, least of all in the digital age. Plenty of things look legitimate and are not, and that is where email security comes in. Personal email should be guarded too, but that responsibility lies with each individual user.
If you ask the question “What is email security?”, the general answer is that it concerns the protection of work email. When it comes to personal use, you know that you can trust WritePapers with your email address. But things are much more complicated when it comes to corporate email, as it is the gateway for a supply chain attack.
Why Are Digital Supply Chains at Risk?
Nothing exists in a vacuum. Your service, be it a website or a SaaS platform, depends on or is linked to multiple third-party services and tools. The chain of those third-party tools is the digital supply chain. And it is never safe. In fact, because of their complicated and inflexible infrastructure, supply chains are much more brittle than one might imagine.
What Is a Supply Chain Attack?
So, before we move on, let’s check out the supply chain attack definition to properly understand what we are talking about here.
In the digital age, those three words refer to cyberattacks that aim at damaging an organization by targeting less secure components of the supply chain. To be more precise, those are the attacks targeting trusted third-party vendors.
And it’s a big issue for two reasons. The first reason is that most software projects generally have over two hundred dependencies. In other words, the average supply chain has over two hundred components. The second reason is that supply chain attacks have been on the rise since the 2010s. And there are various types of supply chain attacks, including:
- Browser-based attacks
- Open-source attacks
- Software attacks
- JavaScript attacks
- CI/CD infrastructure attacks
- Dependency confusion attacks
- Social engineering attacks
The list is incomplete, and, probably, will never be complete, as new supply chain attack types may be waiting around the corner. There’s cryptojacking, a practice of hijacking an unsuspecting user’s device to mine a cryptocurrency. But, as we are talking about email protection, we need to focus on social engineering supply chain attacks.
Basically, there are two types of social engineering attacks: vendor email compromise and email spoofing.
In the first case, the malefactor hijacks an email account and uses it to target other parties, for example, by making fraudulent requests. Vendor email compromise is one of the most dangerous attacks, as supply chain threat detection occurs when the damage is already done.
Email spoofing is the most common type of supply chain attack, in which criminals use an email address that mimics the actual email address of a real company.
In 2016, the FACC, an Austrian aerospace parts maker, transferred $47 million to swindlers because of an email mimicking one of the company’s CEOs.
A group of hackers leaked terabytes of data stolen from Sony Pictures (damage that cost the company approximately $100 million). The data was obtained by sending messages to Sony executives via an email address that mimicked one of Apple’s.
The most famous, or infamous if you want, among the supply chain attack examples is the case of fuel supplier Colonial Pipe. A phishing email led to a ransomware attack, which paralyzed the company’s network and billing system. Colonial Pipe ended up paying hackers over $4 million in ransom. But the attack shut down the company’s operations for a week, with Colonial Pipe losing over $4 billion.
Ways to Prevent Supply Chain Attacks via Email Security
As you can see, the security of email is a crucial aspect for any company. Of course, an employee’s attention is required. But no company can rely solely on that.
For example, an employee may think that there’s something fishy about an email from the CEO that asks to click the https://writepapers.com/write-my-term-paper link, especially if the company has nothing to do with academic writing. But what if the “CEO” asks to click here?
Yes, supply chain attack prevention cannot rely solely on the employees’ vigilance. The approach must be systematic. That’s why most companies, aside from using procedural protocols, also utilize SPF, DKIM, and DMARC.
Sender Policy Framework
SPF, or Sender Policy Framework, is an authentication system that detects fake emails. The system allows for the detection of malefactors that attempt to send a phishing email from a domain that belongs to a particular company.
The system is based on SPF records published by the domain owner in DNS. The mail server that utilizes SPF checks the identity of the sender’s mail server against the SPF records, and if the server is not listed there, it won’t pass the verification.
DomainKeys Identified Mail
DKIM, or DomainKeys Identified Mail, is a protocol that requires a message to be signed in order to be transmitted. Hence, the message must pass cryptographic authentication to be sent.
There’s a public key, which is published in DNS, and a private key that senders use to sign the message. If the private and public keys don’t match, the email won’t be sent.
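One step of DKIM verification, as an added example that is not part of the original article: the body hash (`bh=` tag) that ties the signed header to the message content. The header and body are constructed samples for example.com, only `simple` body canonicalization with SHA-256 is covered, and the public-key check of the `b=` signature is left out because it needs an RSA library.

```python
import base64
import hashlib


def simple_body(body: bytes) -> bytes:
    """'simple' body canonicalization: ignore empty lines at the end, keep one CRLF."""
    while body.endswith(b"\r\n"):
        body = body[:-2]
    return body + b"\r\n"


def body_hash(body: bytes) -> str:
    return base64.b64encode(hashlib.sha256(simple_body(body)).digest()).decode()


def body_hash_ok(dkim_header: str, body: bytes) -> bool:
    """Compare the bh= tag of a DKIM-Signature value with the received body."""
    # tag=value pairs separated by ";"; whitespace inside a value is folding.
    tags = {k.strip(): "".join(v.split())
            for k, _, v in (p.partition("=") for p in dkim_header.split(";")) if v}
    canon = tags.get("c", "simple/simple")
    body_canon = canon.split("/")[1] if "/" in canon else "simple"
    if not tags.get("a", "").endswith("-sha256") or body_canon != "simple" or "l" in tags:
        raise ValueError("outside the scope of this example")
    return tags.get("bh") == body_hash(body)


# Constructed sample: the signer computes bh over the body it sends.
SENT_BODY = b"Please pay invoice 1042 to the account on file.\r\n"
SAMPLE_HEADER = ("v=1; a=rsa-sha256; c=relaxed/simple; d=example.com; s=sel1; "
                 "h=from:to:subject; bh=" + body_hash(SENT_BODY) +
                 "; b=(signature omitted)")
```

A body changed in transit no longer matches `bh=`, while extra empty lines appended at the end do not affect the result.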
Domain-Based Message Authentication, Reporting & Conformance
Finally, there’s DMARC, or the Domain-Based Message Authentication, Reporting & Conformance. This protocol, which can be used together with SPF and DKIM mechanisms, allows domain owners to implement their own policies in the mail server regarding the incoming emails.
The policies may include quarantining or rejecting the inbound emails that failed SPF and DKIM, notifying the domain owner of emails that pretend to belong to the domain, and extracting and analyzing data from the quarantined and/or rejected emails.
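How a receiver could turn SPF and DKIM results into one of these policy actions, as an added example that is not part of the original article. The record, the example.com domains and the function names are assumptions; the organizational domain is approximated by the last two labels, and the `sp=` and `pct=` tags are not handled.

```python
# Constructed sample policy, as published in a TXT record at _dmarc.example.com.
SAMPLE_DMARC = "v=DMARC1; p=quarantine; adkim=s; aspf=r; rua=mailto:dmarc@example.com"


def org_domain(domain: str) -> str:
    # Simplification (assumption): the last two labels. Real receivers use
    # the Public Suffix List, which matters for names like example.co.uk.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(auth_domain: str, from_domain: str, mode: str) -> bool:
    """Strict mode needs an exact match; relaxed compares organizational domains."""
    a, f = auth_domain.lower().rstrip("."), from_domain.lower().rstrip(".")
    return a == f if mode == "s" else org_domain(a) == org_domain(f)


def dmarc_disposition(record, from_domain, spf, dkim):
    """spf and dkim are (result, authenticated_domain) pairs from earlier checks."""
    tags = dict(p.strip().split("=", 1) for p in record.split(";") if "=" in p)
    tags = {k.strip().lower(): v.strip() for k, v in tags.items()}
    policy = tags.get("p")
    if tags.get("v") != "DMARC1" or policy not in ("none", "quarantine", "reject"):
        return "no-policy"
    spf_ok = spf[0] == "pass" and aligned(spf[1], from_domain, tags.get("aspf", "r"))
    dkim_ok = dkim[0] == "pass" and aligned(dkim[1], from_domain, tags.get("adkim", "r"))
    if spf_ok or dkim_ok:
        return "deliver"  # one aligned pass is enough for DMARC to pass
    # p=none only asks for reports (sent to rua); the message is still delivered.
    actions = {"none": "deliver-and-report", "quarantine": "quarantine", "reject": "reject"}
    return actions[policy]
```

An SPF pass for a domain other than the one in the From header does not count, which is the gap DMARC closes over SPF used alone.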
Which Supply Chain Attack Prevention Method Is Better?
So, there are three methods that allow preventing supply chain attacks via email security. Which one to choose?
The SPF system has its benefits, and so does the DKIM protocol. But both of them have weaknesses, and malefactors are aware of them. DMARC is a better option, as it is truly about how to prevent supply chain attacks, especially when paired with SPF or DKIM. This way, the business would be able to significantly minimize the risk of supply chain attacks.