b'Business SecurityCyber Security: What is a Supply Chain Attack?By Jack Gerbs, QuanexusThe SolarWinds attack in the news has brought up many new terms that may not be familiar to business owners.Today we are going back-to-basics to discuss supply chain attacks. Every business uses third party software andhardware.Eventhesmallest businesshastocommunicatewith vendors and customers, receive, ship, bill, and inventory. A supply chain attack occurs when criminals infiltrate yourSystem,meaningthehackersgained systemthroughanoutsidepartneroraccess at the network level, and had the provider with access to your systems andsame permissions the management tool data. When a supply chain attack occurs,had. This allowed attackers to change hackers have access to the same datanetwork settings, move laterally through and permissions the software infiltratedthe network, and also target the user level. has access to. Second, the Orion tool is used by large Attackers target software developers andcorporations, and the US Government. suppliers looking for access to sourceThe SolarWinds Network Management code,orupdatetools.ThegoalistoSystem is used by 425 of the US Fortune infect a legitimate piece of software and500.use that software to distribute malwareMany of the large cyber-attacks that make tocustomers.Hackersbreakintothe news are supply chain attacks. The manufacturers servers and hide malwareTarget breach in 2014 was blamed on a in software updates. When these updatesthird-party vendor, as well as the Equifax are pushed out by trusted vendors, thebreach in 2017. The SolarWinds attack is updates are certified as safe.Customersthe largest and most consequential supply whoarefollowingsoundITpracticeschain attack we have seen, but it follows a patch and update their systems regularly,pattern well established in the cybercrime and unknowingly add the malware to theirlandscape.systems. Foundedin1992,QuanexusisoneofDaytonand TheSolarWindsattackisgreatlyCincinnatis most experienced IT Service Providers. They consequential for two reasons. First, theprovide cyber security, data, voice and physical security solutions for businesses in the region through unmatched OriontoolisaNetworkManagementintegrity, team-work and dedication. quanexus.comwww.mrca.orgMidwest Roofer 37'