An Island Hopping Cyber Attack Is No Holiday

Summary: This 3-minute article discusses the cyber security threats posed by island hopping attacks and how to protect your SMB from them. Also, learn how to devise an appropriate IT incident response plan. Then, contact DIGIGUARD CYBER SECURITY at 833-33-CYBER (833-332-9237) or visit www.DIGIGUARDsecurity.com for a cyber risk analysis and to discuss your SMB’s cyber protections.

Outside the IT world, island hopping conjures up beautiful images of lush islands and dream vacations. However, in the cyber security universe, island hopping is a sophisticated threat that can potentially devastate businesses, their vendors and customers.

What Is An Island Hopping Cyber Attack?

You’ve probably heard the expression “moving up the food chain.” In an island hopping attack, hackers exploit the cyber vulnerabilities of small businesses to move up the food chain to large companies with robust, hard-to-breach cyber defenses. Unfortunately, because many SMB owners don’t think hackers would be interested in their companies, they don’t focus enough on protecting their data from breaches by cybercriminals. Therefore, their less-protected networks can become access points through which hackers can attack the computer networks of large companies, much higher on the “food chain,” circumventing their defenses. Historically, the most significant island hopping cyber attacks have targeted manufacturing companies, healthcare entities, financial institutions and retail sales platforms. This attack method was named island hopping because it literally hops from one third-party business to another, compromising them along the way and leading to the grand prize of breaching a larger, more protected company.

One particularly devious island hopping technique is called a supply chain cyber attack. In a supply chain attack, malicious software or viruses are spread through vendors and suppliers. For example, in an insider attack (by an employee), a well-placed USB drive can be loaded with malware to infect an entire network and spread to other business networks of vendors, customers, clients or patients. Along the way, successful hackers use credential harvesting to gain unauthorized access to user passwords, screen names, email addresses and other private data from which to launch more cyber attacks. If businesses do not know about or address their cyber vulnerabilities, it is only a matter of time before they fall victim to an attack.

Cybercriminals have successfully used island hopping attacks to steal private data and intellectual property and deploy additional malware attacks. Once in your computer system, the hacker is in control.

Preparation is Key. Start by Creating Best Practices and an IT Incident Response Plan

Using a comprehensive IT incident response plan in tandem with ongoing employee training will help keep everyone on the same page in protecting your company’s data. Many steps can be taken to significantly reduce the chances of an island hopping cyber attack:

• Determine What Access Business Partners Require – You might not give a graphic designer access to all of the accounting department’s files. Similarly, but even more importantly, you should carefully isolate and customize access for your business partners and remove any unnecessary permissions.
• Check The Security Of Your Partner Companies – If you have up-to-date state-of-the-art cyber security in place, it is reasonable to request that partners and third parties to your business be transparent about their cyber protections. In addition, to support an efficient, trusting and cooperative business relationship, regular security audits should be conducted to ensure all the companies remain secure.
• Match Cyber Security Infrastructures – In the best possible scenario, partners will try to match their cyber security infrastructures. By having similar cyber “ecosystems,” inter-company security can be more seamless, with protections for your business and everyone you work with.
• Consistent Use of Multi-Factor Authentication – Cracking passwords is no longer difficult for hackers. Using multi-factor authentication across all platforms is a powerful front line protection against credential harvesting.
• Utilize Network Segmentation – SMBs can control server access by outside parties through segmentation. For example, in everyday life, a landlord will give you a key to your apartment but not a key to the apartment across the hall. Segmentation isolates and protects data from unauthorized access. 
• Create a Comprehensive IT Incident Response Plan – Panic is a natural response to a severe data breach. However, having a detailed plan for the next steps after an attack can make an enormous difference in minimizing losses incurred and downtime. Suppose the employees in your SMB are not tech-savvy enough to create and implement the plan. In that case, it is a great idea to hire IT experts to assist you in IT incident response planning and, in the event of an attack, become part of your incident response team and take the lead on network security.

Cyber security is a digital treadmill. SMBs have no choice but to relentlessly pursue everything they can to protect their company’s data and the data of their partners and third-party business associates. Unfortunately, small businesses are far less likely to survive cyber attacks than large corporations. More than half of cyber assaults on SMBs lead to bankruptcy. Therefore, if you don’t feel you can address all of your own security issues, it is essential to enlist cyber security professionals to help you defend against cyber attacks and plan for the possibility of network breaches in the future.