Rising Number of Cyber Attacks on Supply Chains

Rising Number of Cyber Attacks on Supply Chains

Hackers are increasingly attacking weak spots in supply chains to threaten corporations.  

It’s important to secure your network carefully. Most companies understand the danger of leaving their network and data without proper security such as firewalls, up-to-date patching regimen, double authentication protocols, and frequent pen-testing. These protections secure your network readily against malware and other cyber attacks.

However, hackers are tricky and always looking for new areas to send their cyber attacks. One of the arenas that hackers are finding easier to attack lately is supply chains. Hackers have found that supply chains are weak spots in a secure network, attacking less-protected vendor networks that in turn become lateral access to the end customer’s network.

Where are the Weaknesses in a Supply Chain?

Working with partners online creates a difficult to manage dense forest of an ecosystem with potential weak spots that create vulnerability. Reports produced recently state that 50% of all cyberattacks focus on the supply chain. In 2018, attacks on supply chains rose to 78%, and this year, 2019, looks to be just as hazardous for supply chains. CSO Online reports these ongoing threats:

“The risks associated with a supply chain attack have never been higher, due to new types of attacks, growing public awareness of the threats, and increased oversight from regulators. Meanwhile, attackers have more resources and tools at their disposal than ever before, creating a perfect storm.”

Why are Hackers Aiming for Supply Chain Targets?

In an interview with Hussain Aldawood, an Australian University of Newcastle cyber-security expert, he reiterated the need to become knowledgeable about the latest supply chain attacks. In the interview, Aldawood responded with warnings about the attacks, stating that these supply chain attacks are so harmful to businesses because a single hacker can damage many linked organizations at one time. Since the demand for outsourced specialization has risen, so has the appetite for stealthy hacker attacks. He said:

“The need for outsourcing supply chains recently has increased the number of exposure points in the process because of the greater number of entities involved and linked. I believe that the number one risk derived from supply chain attacks is caused by sharing some sensitive data with suppliers.”

Sharing information with suppliers is critical for the proper functioning of the supply chain, but it adds a security risk that needs to be countered. Aldawood continued:

“If organizations manage supply chain management systems in a poor way, they can easily suffer from significant hazards of cyber attacks. Logically speaking, poorly managed supply chain management systems can lead to disruption of the manufacturing process. Another consequence can be losing sensitive customer data, which of course will lead to damaging a company’s reputation.”

Aldawood noted the well-known 2013 Target breach as an example. He mentioned that one specific incident resulted in about 90 lawsuits that Target had to resolve, spending about $61 million.

How can IT Service Companies Partner with Clients to Protect the Supply Chain?

Aldawood recommends that MSPs should have specific protocols in place in order to create better security in the supply chain, including:

  • Controlling the supply chain with a small supplier base
  • Implementation of stringent vendor controls including site audits at supplier locations and updated security protocols

Without such changes to security, supply chain cyber-attacks will continue to escalate. Recent cybersecurity trends show that breaches are continuing to increase which threatens the confidentiality, availability and integrity of data. Cyber-security specialists need to react more quickly to supply chain attacks according to Aldawood.

“We can’t ignore the fact that we are dealing with a huge challenge in the lack of cyber-security professionals over the speed of adopting new IT technologies. In my opinion, if organizations stay alert and adopt the latest security measures against advanced cyber threats, the problem of supply chain attacks might be better than it is today.”

MSPs should be proactive in protecting the client’s supply chains, not just the organization’s perimeter. It’s critical to build defenses needed against breaches that occur throughout the complicated ecosystem.