Cyber attacks don’t always come from within. They can originate from an external source, such as a vendor or partner. Most businesses, of course, work with vendors or partners. If your business falls under this category, it may susceptible to island hopping.
What Is Island Hopping?
Island hopping is a cyber attack in which a hacker targets a low-level vendor or partner for the purpose of reaching a higher-level business. Vendors and partners often have weaker cybersecurity defenses. Some of them may use outdated software, whereas others may fail to deploy firewalls or other cybersecurity measures.
With their weaker cybersecurity defenses, these vendors and partners may be targeted by hackers. Island hopping involves targeting vendors and partners so that the hacker can ultimately target a higher-level businesses.
It’s known as “island hopping” because the hacker jumps around from vendors and partners to businesses. All island hopping attacks begin with a low-level vendor or partner. After the hacker has breached the vendor or partner, he or she will jump to another business.
Give Vendors and Partners Unique IDs
You can protect your business from island hopping by assigning unique IDS for vendors and partners. Don’t allow them to share the same ID. ID sharing is a vulnerability. If one of the vendors or partners is compromised, the hacker may use its account to deploy malware to your business’s network. Giving vendors and partners unique IDs will allow you to isolate and track their respective activities.
To protect your business from island hopping, you must secure its endpoints. Endpoints are physical devices. Computers, for instance, are classified as endpoints. Other types of endpoints include smartphones, smart printers, fax machines, servers and tablets. Even if your business’s network is secure, its endpoints may not be. Endpoint security will protect your business from a range of different cyber attacks, one of which being island hopping.
Avoid Phishing Schemes
Many island hopping attacks involve phishing. A hacker may breach a vendor’s or partner’s server to identify your business’s email address. The hacker may then send you an email impersonating the vendor or partner. The email may feature the vendor’s or partner’s name. And it may even feature the vendor’s or partner’s logo and other brand visuals. Phishing schemes such as this, however, aren’t legitimate. They are sent by hackers who impersonate other businesses. You need to avoid phishing schemes to protect your business from island hopping.