A supply chain attack targets the less secure elements of a company’s supply chain, with the intent to cause serious disruption to those at the end of the attack.

Companies and businesses within the logistics sector regularly transfer sensitive information electronically, as it simplifies and speeds up communications between multiple organisations.

However, this does make sensitive information more susceptible to cybercrime. The more links in a supply chain, the more vulnerable it can become which highlights the importance of securely handling and storing your data.

In October 2021, BlueVoyant, a cyber security firm, released survey results of 1,200 companies where 93% had directly experienced a cyber security breach as a result of one of their suppliers’ security flaws.

The number of organisations reporting a cyber attack in their supply chain more than doubled from 14% in 2020 to 31% in 2021.

Cybercriminals also target supply chains as a means of reaching the broadest possible audience with their attacks. Identifying and compromising one strategically important company is an efficient use of resources which may result in a significant number of infections in the supply chain.

I don’t have a large supply chain, why would my business be affected?

It’s often perceived that small businesses are not big enough to be hit by a supply chain attack. However, it is not about how many people work for you or how many office locations you have. A supply chain attack can be carried out through the systems and networks that you use.

An example of a common type of supply chain attack is website compromise attacks, an example of this occurs when legitimate websites are compromised through website builders, commonly used by creative and digital agencies.

In this type of attack, cybercriminals will redirect the script, which enabled a malicious domain to be sent to victims where it was downloaded and installed on the systems of people who thoughts they were browsing a legitimate website.

This type of attack could then affect multiple businesses as the script that's used will be a template of a website that many UK-based digital agencies potentially will be using.

Why should I protect my supply chain?

Implementing change in your supply chain will take time, but the investment will be worthwhile in improving your overall resilience, reducing the number of business disruptions your supply chain will suffer and the damage they cause; financially, loss of working hours and your reputation.

Work with the Cyber Resilience Centre and your suppliers from the outset of a new relationship, and start the discussion about security earlier than you would during traditional product assurance engagements.

By developing partnerships with your suppliers and working with them so they adopt your approach to supply chain security as their own, there's much greater potential for success than if you simply mandated to comply to your terms.

By securing your supply chain you are helping demonstrate that your business is in compliance with GDPR and the new Data Protection Act. Ultimately, implementing these security measures may help you win new contracts, because of the trust you have sought in the security of your supply chain.

How can you protect your supply chain from cyber-attacks?

• Protect your internal systems by installing firewalls and virus-detection programs, these will block malware from accessing your systems.
• Make sure your staff and IT department are regularly backing up your files and databases in the event that a cyber-attack deletes any trace of them. Make a backup in the cloud and one which is kept offline should you need to recover from an attack.
• Make sure you are ,training all your employees so they are able to recognise attempted cyber-attacks and know how to respond if they see something wrong. Your employees don't need to be cyber experts but should be educated on the dangers of opening suspicious emails, and clicking on unknown URLs, links, and email attachments.
• Ensure administrator permissions on devices aren't open to all employees. It's important your staff are unable to download unauthorised software and applications that could potentially damage your firewalls.
• Be careful of who's part of your supply chain, ensure that they regularly conduct security audits or have security certifications (like ,Cyber Essentials) and put this within any business contracts you have.
• You can further manage the risks with a cyber security policy that is regularly updated and adopted.
• Make sure you have a ,Cyber Incident response plan that provides a process that will help your business, charity or third-sector organisation to respond effectively in the event of a cyber-attack.

If you have any questions about protecting your supply chain or want to explore how we can support your business and your supply chain in implementing these control, ,contact us today.

How can the North West Cyber Resilience Centre support my business?

We offer a range of membership options depending on what level of support your business needs. Our ,Free Membership gives you access to a range of resources and tools to help you identify your risks and vulnerabilities, as well as provide guidance on the steps you can take to increase your levels of protection.

We also offer a range of affordable ,cyber resilience services with the very current knowledge and technical expertise of the UK's top cyber talent. These services help businesses and their supply chain to prepare and improve cyber resilience.