A supply chain attack is a cyber-attack that targets the less secure elements of a company’s supply chain, with the intent of causing serious damage to those on the receiving end of the attack.
Companies and businesses within logistics regularly transfer sensitive information electronically, as it simplifies and speeds up communications between multiple organisations.
However, this does make the sensitive information more susceptible to cybercrime.
The more links in a supply chain, the more vulnerable it becomes, which highlights the importance of securely handling and storing data.
In October 2021, BlueVoyant, a cyber security firm, released survey results of 1,200 companies where 93% had directly experienced a cyber security breach as a result of one of their suppliers’ security flaws.
The number of organisations reporting a supply chain more than doubled from 14% in 2020 to 31% in 2021.
Cyber criminals also target supply chains as a means of reaching the broadest possible audience with their malware. Identifying and compromising one strategically important element is an efficient use of resources and may result in a significant number of infections.
I don’t think I have a supply chain, so why would I be affected?
It’s often perceived that small businesses are not big enough to be hit by a supply chain attack. However, it is not about how many people work for you or how many office locations you have. A supply chain attack can be carried out through systems that you use.
A common type of supply chain attack is the website compromise attack. One example occurred when legitimate websites were compromised through website builders used by creative and digital agencies.
In this attack, the cybercriminals redirected the script to a malicious domain, so that malicious content was downloaded and installed on the systems of those browsing the legitimate websites.
This attack unfortunately affected multiple businesses, as the script that was redirected was in the template of a website design that many UK-based digital agencies used.
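One way a site owner or agency could check for the kind of redirected template script described above, as an added example that is not part of the original article: it lists every external script a page loads, flags hosts outside an approved list, and flags third-party scripts that carry no Subresource Integrity hash. The host names, the approved list and the sample HTML are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: hosts the site owner has approved for scripts (constructed values).
APPROVED_HOSTS = {"www.example-agency.test", "cdn.example-builder.test"}


class ScriptAudit(HTMLParser):
    """Collect every <script src=...> with its host and integrity status."""

    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        attr = dict(attrs)
        src = attr.get("src")
        if not src:
            return  # inline script, out of scope for this check
        # Relative URLs have no host of their own and load from the page's host.
        host = urlparse(src).hostname or self.page_host
        self.scripts.append({
            "src": src,
            "host": host.lower(),
            "has_integrity": bool(attr.get("integrity")),
        })


def audit(html, page_host, approved=APPROVED_HOSTS):
    """Return (unapproved, unpinned) lists of script URLs for one page."""
    parser = ScriptAudit(page_host)
    parser.feed(html)
    unapproved = [s["src"] for s in parser.scripts if s["host"] not in approved]
    # A third-party script with no integrity hash can change without notice.
    unpinned = [s["src"] for s in parser.scripts
                if s["host"] != page_host and not s["has_integrity"]]
    return unapproved, unpinned


# Constructed sample: a template where one script points at an unapproved host.
SAMPLE = """
<script src="/js/site.js"></script>
<script src="https://cdn.example-builder.test/widget.js"
        integrity="sha384-PLACEHOLDER" crossorigin="anonymous"></script>
<script src="//static.unknown-host.test/widget.js"></script>
"""
```

Calling `audit(SAMPLE, "www.example-agency.test")` returns the unapproved script URLs first and the third-party scripts without an integrity hash second; running it on a schedule against live pages shows when a template starts loading from a new host.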
How can you improve your supply chain cyber security?
Protect your internal systems via the installation of firewalls and virus-detection programs to block malware from accessing your systems.
Regularly back up your files and databases in the event that a cyber-attack deletes any trace of them.
Train your employees so they are able to recognise attempted cyber-attacks and know how to respond if their devices are affected. Your employees do not need to be cyber experts but should be educated on the dangers of opening suspicious emails and clicking on unknown URLs, links, and email attachments.
Lock down permissions on devices so that employees are unable to download unauthorised software and applications that could potentially damage your firewalls.
Be careful of those who supply your supply chain. Ensure that they regularly conduct security audits or have security certifications, and put this within a contract.
Manage the risks with a cyber security policy that is regularly updated and adopted. You should also have an incident response plan that provides a process that will help your business, charity or third sector organisation to respond effectively in the event of a cyber-attack.
How can the Cyber Resilience Centre for the South East support my business?
The SECRC offers a range of membership options depending on what level of support businesses in Hampshire, Surrey, Sussex, Oxfordshire, Berkshire and Buckinghamshire need.
The Core Membership is free and provides businesses with 50 or fewer employees access to a range of resources and tools to help them identify their risks and vulnerabilities, as well as providing guidance on the steps they can take to increase their levels of protection.
Working in conjunction with local universities and the region's local forces, the SECRC is able to provide a range of affordable cyber resilience services with the very current knowledge and technical expertise from the UK's top cyber talent. These services help SMEs, and therefore their supply chain, to prepare and improve cyber resilience.
From staff training to reviewing a company’s network and systems, these services will help boost a cyber security strategy.