1_2_12 Section 1 – Attacks, Threats, and Vulnerabilities - 1.2 – Attack Types - Supply Chain Attacks

Questions and Answers

What is the main concern with supply chain attacks?

• Security of the end consumer
• Quality control of raw materials
• Efficiency of the manufacturing process
• Trustworthiness of suppliers (correct)

In the Target Corporation breach, where did the attack actually originate?

• Target Corporation
• Pennsylvania HVAC company (correct)
• Manufacturers
• Consumers

Why are supply chain attacks effective?

• They have limited points of entry
• They exploit trust between different entities in the supply chain (correct)
• They focus on quality control
• They target only consumers

What role did the HVAC technicians play in the Target breach?

Provided maintenance for HVAC systems at Target (B)

What was the initial target of the 2013 supply chain attack?

HVAC company in Pennsylvania (C)

Why is it important to secure every point along the supply chain?

To prevent any potential attack from spreading downstream (A)

What was the initial attack vector used in the supply chain attack?

HVAC suppliers (C)

What allowed the attackers to access every register at all 1,800 Target stores?

Lack of security on the inside network (C)

Why are organizations narrowing down the number of vendors they work with?

To increase trust and security (A)

What is a key strategy mentioned in the text for enhancing supply chain cybersecurity?

Implementing multi-factor authentication for vendors (A)

How can organizations ensure trust in the products they receive from suppliers?

By teaming up with suppliers for audits (D)

What factor has made supply chain cybersecurity a significant concern for organizations?

Growing number of cyber threats (A)

What makes supply chain attacks particularly effective, according to the text?

Organizations' tendency to trust products received from suppliers. (A)

Where did the 2013 supply chain attack, which ultimately affected the Target Corporation, originate?

An HVAC company in Pennsylvania. (B)

Why do attackers have ample opportunities to infect the supply chain, as mentioned in the text?

The diverse points along the supply chain providing vulnerabilities. (C)

What aspect of organizations' behavior contributes significantly to the success of supply chain attacks?

Reliance on received products without verifying their source. (C)

In what way did the breach involving the Target Corporation differ from traditional attacks?

It started at a different company in the supply chain. (D)

Why are supply chain attacks able to cause widespread damage across multiple organizations?

Because of the interconnectedness and dependencies in the supply chain. (A)

What made the Target network vulnerable to the attackers once they gained access through the HVAC suppliers?

Lack of additional security measures on the inside of the Target network. (B)

Why are organizations reducing the number of vendors they work with, as discussed in the text?

To conduct more rigorous testing and auditing on trusted suppliers. (A)

What is a critical aspect highlighted in ensuring supply chain cybersecurity according to the text?

Enforcing strict controls and auditing on suppliers. (A)

Why are supply chain attacks particularly effective?

As they exploit unexpected and less secure entry points. (C)

In the context of supply chain cybersecurity, why do organizations need to trust the products from their suppliers?

To safeguard their own network integrity and security. (A)

What aspect is emphasized as a crucial step for organizations to enhance supply chain cybersecurity?

Collaborating closely with trusted suppliers for a safer product delivery. (B)

Flashcards are hidden until you start studying