weak-link

Are you the weak link for your customers?

This article has originally been written in french and then translated with tools. The translation should be on point, but please forgive us if some parts are not perfect.

This article was written as part of our collaboration with STIQ as a member. We want to help manufacturing companies understand the cybersecurity issues specific to their sector of activity, and therefore protect themselves.

The popular imagination often describes certain organized crime groups of hackers as prodigies who stop at nothing. We see them successfully compromising the systems of the US government or multinationals that have invested millions of dollars in cybersecurity.

With this in mind, the easy shortcut is to tell ourselves that there’s nothing to be done, that if even organizations of this scale are affected, the battle is lost in advance.

Unfortunately, we’ll never be able to protect ourselves 100%, but protecting our data is a collective effort, and every player has a part to play.

Hackers, no matter how skilled, will always try to find the shortest route to their target. Okay, a challenge is stimulating, but why complicate your life?

Let’s take an example to illustrate: a group of criminals wants to attack a giant like a multinational corporation, because they know they’ll be able to demand a higher ransom or that the data will be worth more. This company has invested heavily in securing its systems, so it won’t be child’s play. But this company doesn’t live in an isolated world, it has suppliers, many of them SMEs, who don’t have much in the way of cybersecurity in place. And these suppliers have some access to the systems of the target multinational. Can you see where we’re going?

Criminals target the weakest link in the supply chain, and often that’s you.

Here are a few real-life examples:

You’ll notice that it’s not the compromised supplier who is named in the headlines of these articles, it’s the large organization behind them. The “responsible” supplier will be named in the article, but it won’t be the main media target. The reputational damage will be worse for the customer who simply made the mistake of trusting his suppliers.

Are you seeing more and more cybersecurity criteria, such as penetration testing, appearing in your customers’ calls for tender?

That’s why. They just want to protect themselves as much as possible from this attack vector. To win points with your customers, or even just to be able to do business with them, you have no choice but to invest in cybersecurity.

In addition to the business development aspect, remember too that if a criminal group is targeting you to hit a big player, they’re unlikely to be content with just using you as an entry point. They’re likely to steal sensitive data and/or deploy ransomware in your company.

  • How much does one hour of production line downtime cost?
  • Do you have backups in place?
  • How long would it take to rebuild your entire network from these backups? (spoiler alert: probably longer than you think)
  • Based on this answer, how much would it cost to have employees unable to work? Stopped production?

Certainly more than the budget required to provide an adequate level of protection. We hate to play on the fear factor in our field, but it’s our responsibility to make companies aware of the real issues.

Don’t be your customers’ weak link, bring cybersecurity back to the strategic level of your business and take action.

Peace ✌️

Cyndie & Nicholas

    Why Yack?

    First, for those of you who don't know, the yak is an animal. The energy it radiates (chill with its toupee, but we wouldn't want to piss it off with its horns...) represents us well, and the nerdiest among you might see the little nod to Linux 😉. Of course, Yack's resemblance to Hack is no mere coincidence. It's also a short, punchy name that, once again, sounds like us. Finally, it's a word that earns you 24 points in Scrabble (hello Office de la langue française). Why did you choose .one? In offensive security, all it takes is one attack..."
    A little more about us

    "Pourquoi Yack?

    First, pour ceux qui ne le savent pas, le yack est un animal. L'énergie qu'il dégage (chill avec son toupet, mais on ne voudrait pas l'énerver avec ses cornes...) nous représente bien, et les plus nerds d'entre vous verront peut-être le petit clin d'œil à Linux 😉. Bien sûr, la ressemblance de Yack avec Hack n'est pas une simple coïncidence. C'est aussi un nom court, qui punch, et qui encore une fois, nous ressemble. Enfin, c'est un mot qui te rapporte 24 points au scrabble (bonjour office de la langue française). Pourquoi avoir choisi .one? En sécurité offensive, il suffit d'une (one) attaque..."
    Un peu plus sur nous