A supply chain attack targets the less secure elements of a company’s supply chain, with the intent to cause serious disruption to those at the end of the attack.
Companies and businesses within the logistics sector regularly transfer sensitive information electronically, as it simplifies and speeds up communications between multiple organisations.
However, this does make sensitive information more susceptible to cybercrime. The more links in a supply chain, the more vulnerable it can become, which highlights the importance of securely handling and storing your data.
In October 2021, BlueVoyant, a cyber security firm, released survey results of 1,200 companies where 93% had directly experienced a cyber security breach as a result of one of their suppliers’ security flaws.
The number of organisations reporting a cyber attack in their supply chain more than doubled from 14% in 2020 to 31% in 2021.
Cybercriminals also target supply chains as a means of reaching the broadest possible audience with their attacks. Identifying and compromising one strategically important company is an efficient use of resources which may result in a significant number of infections in the supply chain.
It’s often perceived that small businesses are not big enough to be hit by a supply chain attack. However, it is not about how many people work for you or how many office locations you have. A supply chain attack can be carried out through the systems and networks that you use.
A common type of supply chain attack is the website compromise attack, which occurs when legitimate websites are compromised through website builders commonly used by creative and digital agencies.
In this type of attack, cybercriminals redirect the script so that it points victims to a malicious domain, from which malicious content is downloaded and installed on the systems of people who thought they were browsing a legitimate website.
This type of attack could then affect multiple businesses, because the script belongs to a website template that many UK-based digital agencies may be using.
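A defensive check for the scenario above, as an added example that is not part of the original article: it lists the external scripts a page loads and flags any served from a host outside an allowlist, or loaded without a Subresource Integrity (`integrity`) attribute. The host names, the sample page and the function name `audit_scripts` are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample page: one local script, three third-party scripts.
SAMPLE_PAGE = """
<html><head>
<script src="/js/site.js"></script>
<script src="https://builder-cdn.example/template.js"
        integrity="sha384-CONSTRUCTED-PLACEHOLDER" crossorigin="anonymous"></script>
<script src="https://builder-cdn.example/widgets.js"></script>
<script src="//unknown-host.example/loader.js"></script>
</head></html>
"""

class ScriptCollector(HTMLParser):
    """Collects the src and integrity attributes of every <script src=...> tag."""
    def __init__(self):
        super().__init__()
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            attributes = dict(attrs)
            if attributes.get("src"):
                self.scripts.append((attributes["src"], attributes.get("integrity")))

def audit_scripts(html, page_host, allowed_hosts):
    """Return (src, finding) pairs for external scripts that need review."""
    collector = ScriptCollector()
    collector.feed(html)
    findings = []
    for src, integrity in collector.scripts:
        host = urlparse(src, scheme="https").hostname
        if host is None or host == page_host:
            continue  # relative or same-host script, served by the site itself
        if host not in allowed_hosts:
            findings.append((src, "host not on allowlist"))
        elif not integrity:
            findings.append((src, "no integrity attribute"))
    return findings

if __name__ == "__main__":
    # Assumed policy: only builder-cdn.example is an approved third-party host.
    for src, finding in audit_scripts(SAMPLE_PAGE, "agency.example", {"builder-cdn.example"}):
        print(f"{finding}: {src}")
```

Running the same check on a schedule and comparing the results over time shows when a template starts loading a script from a host it did not use before.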
Implementing change in your supply chain will take time, but the investment will be worthwhile in improving your overall resilience, reducing the number of business disruptions your supply chain will suffer and the damage they cause: financial loss, lost working hours and harm to your reputation.
Work with the Cyber Resilience Centre and your suppliers from the outset of a new relationship, and start the discussion about security earlier than you would during traditional product assurance engagements.
By developing partnerships with your suppliers and working with them so they adopt your approach to supply chain security as their own, there's much greater potential for success than if you simply mandated that they comply with your terms.
By securing your supply chain, you are helping to demonstrate that your business is in compliance with GDPR and the new Data Protection Act. Ultimately, implementing these security measures may help you win new contracts, because of the trust you have sought in the security of your supply chain.
If you have any questions about protecting your supply chain or want to explore how we can support your business and your supply chain in implementing these controls, contact us today.
We offer a range of membership options depending on what level of support your business needs. Our Free Membership gives you access to a range of resources and tools to help you identify your risks and vulnerabilities, as well as provide guidance on the steps you can take to increase your levels of protection.
We also offer a range of affordable cyber resilience services with the very current knowledge and technical expertise of the UK's top cyber talent. These services help businesses and their supply chain to prepare and improve cyber resilience.