A supply chain attack targets the less secure elements of a company’s supply chain, intending to cause serious disruption to those at the end of the attack.
Companies and businesses within the logistics sector regularly transfer sensitive information electronically, as it simplifies and speeds up communications between multiple organisations.
However, this does make sensitive information more susceptible to cybercrime. The more links in a supply chain, the more vulnerable it can become, highlighting the importance of securely handling and storing your data.
In October 2021, BlueVoyant, a cyber security firm, released survey results of 1,200 companies where 93% had directly experienced a cyber security breach due to one of their suppliers’ security flaws.
The number of organisations reporting a cyber attack in their supply chain more than doubled from 14% in 2020 to 31% in 2021.
Cybercriminals also target supply chains to reach the broadest possible audience with their attacks. Identifying and compromising one strategically important company is an efficient use of resources which may result in a significant number of infections in the supply chain.
I don’t have a large supply chain, why would my business be affected?
It’s often perceived that small businesses are not big enough to be hit by a supply chain attack. However, it is not about how many people work for you or how many office locations you have. A supply chain attack can be carried out through your systems and networks.
An example of a common type of supply chain attack is website compromise attacks, an example of this occurs when legitimate websites are compromised through website builders, commonly used by creative and digital agencies.
In this type of attack, cybercriminals will redirect the script, which enables a malicious domain to be sent to victims, where it was downloaded and installed on the systems of people who thoughts they were browsing a legitimate website.
This type of attack could then affect multiple businesses as the script that's used will be a template of a website that many UK-based digital agencies will potentially be using.
Why should I protect my supply chain?
Implementing change in your supply chain will take time, but the investment will be worthwhile in improving your overall resilience, reducing the number of business disruptions your supply chain will suffer and the damage they cause; financially, loss of working hours and your reputation.
Work with the Cyber Resilience Centre and your suppliers from the outset of a new relationship, and start discussing security earlier than you would during traditional product assurance engagements.
By developing partnerships with your suppliers and working with them, so they adopt your approach to supply chain security as their own, there's much greater potential for success than if you were simply mandated to comply with your terms.
By securing your supply chain, you are helping demonstrate that your business is in compliance with GDPR and the new Data Protection Act. Ultimately, implementing these security measures may help you win new contracts because of the trust you have sought in the security of your supply chain.
How can you protect your supply chain from cyber-attacks?
Protect your internal systems by installing firewalls and virus-detection programs; these will block malware from accessing your systems.
Ensure your staff and IT department are regularly backing up your files and databases if a cyber-attack deletes any trace of them. Make a backup in the cloud and one which is kept offline should you need to recover from an attack.
Ensure you are training all your employees, so they can recognise attempted cyber-attacks and know how to respond if they see something wrong. Your employees don't need to be cyber experts but should be educated on the dangers of opening suspicious emails and clicking on unknown URLs, links, and email attachments.
Worried about your website or a supplier's website? Talk to us about a Website Vulnerability Assessment; we can scan for any vulnerabilities and ensure nobody can hack in to download your data or compromise your business.
Ensure administrator permissions on devices aren't open to all employees. It's important your staff are unable to download unauthorised software and applications that could potentially damage your firewalls.
Be careful of who's part of your supply chain; ensure that they regularly conduct security audits or have security certifications (like Cyber Essentials), and put this within any business contracts you have.
You can further manage the risks with a cyber security policy that is regularly updated and adopted.
Ensure you have a Cyber Incident response plan that provides a process that will help your business, charity or third-sector organisation respond effectively in the event of a cyber-attack.
If you have any questions about protecting your supply chain or want to explore how we can support your business and supply chain in implementing these controls, contact us today.
How can the North West Cyber Resilience Centre support my business?
We offer a range of membership options depending on what level of support your business needs. Our Free Membership gives you access to a range of resources and tools to help you identify your risks and vulnerabilities, as well as provide guidance on the steps you can take to increase your levels of protection.
We also offer affordable cyber resilience services with the current knowledge and technical expertise of the UK's top cyber talent. These services help businesses and their supply chain to prepare and improve cyber resilience.
