Cyber adversaries will target the weakest link. If they are trying to target a network but it has strong cyber security, they will move to what’s called secondary targeting. In secondary targeting, the adversary will try to compromise other networks that might be easier to target and hold the same information, are connected to their target network, or can provide information they can use to compromise the target network.
For example, a cyber adversary could:
exploit direct connections between networks, such as a connection you might have between your network and that of a supplier
find information in a secondary network—such as staff names and positions or financial information—that would make it easier to develop sophisticated spearphishing emails to deliver malware and compromise your network
modify software or other products on a secondary network with malicious content, which is then installed on your network
gain access to credentials to allow seemingly legitimate access to your network.
As businesses have become more cyber aware and secure, secondary targeting has increased. It is now a significant threat for Australian businesses.
The level of threat your organisation faces from secondary targeting depends on:
the relationships you have with other networks
how much access is allowed between them
the cyber security posture of each network
how much information is stored on each network.
Companies that provide products or services through outsourcing arrangements are highly attractive to cyber adversaries.
How to recover from secondary targeting
Recovering from secondary targeting will depend on how your network is compromised. Read more about common threat types for more information on how to recover from threats.
How to protect from secondary targeting
When you give other people or organisations access to your network, it becomes exposed to their security posture. Make sure you know and understand the risks associated with a connected network to mitigate cyber security risks.
To prevent secondary targeting of your network:
Limit the number of organisations who have access to your network to only those who need it. Restrict their access to only the systems and data they need access to.
When starting a new business relationship that includes sharing network access, assess the cyber security posture of the other business as part of your due diligence checks. You could also include clauses in your contracts about specific cyber security strategies they need to have in place.
Apply key security controls to both your network and connected networks. Consider our Strategies to Mitigate Cyber Security Incidents for what controls might be most effective.
Consider the potential of secondary targeting in your incident response planning so everyone understands the risks and how to respond if something goes wrong.