Unprotected suppliers? Your company is at risk; understand the attack on the supply chain

As companies are increasingly exposed to the risks of cyber attacks against their supply chains, it has become more important than ever to take protective measures.

Once their suppliers have more limited security actions in place, they become easy targets for cybercriminals to access their networks and promote attacks that can compromise the entire supply chain.

Cyber attacks against the supply chain represent a serious risk for companies of all sizes and segments, as they can lead to the loss of sensitive data, theft of products or even the interruption of the flow of supplies.

In practice, managing the supply chain goes beyond keeping the purchasing, transportation, storage and sales processes running smoothly. You have to be aware of cyber risks at every link in the chain, from the supplier to the end consumer who has invested time and money in purchasing a product or service and is looking for immediate satisfaction.

The aim of our article is to show that there are measures that companies can take to protect themselves from cyber-attacks, as many of them are still struggling to protect their supply chain. Some best practices include implementing strong access control measures, data encryption and regular data backup. However, these measures are not foolproof and companies must be prepared to respond to attacks should they occur.

What are the risks of cyber attacks on the supply chain?

The global shortage of chips caused by the Covid-19 crisis, used mainly in computers, cars and mobile devices, is not the only aspect affecting supply chains around the world today. New research by the NCC Group illustrates that the number of cyber attacks increased by more than half (51%) during the period from July to December 2021.

The study, which surveyed 1,400 cybersecurity decision-makers, showed that 36% of respondents said they were more responsible for preventing, detecting and resolving supply chain attacks than their suppliers. Just over half (53%) said that their company and its suppliers are equally responsible for supply chain security.

With the number of disruptions in the supply chain on the rise, many respondents recognize that this is a problem in the near future. Third party and supplier risk was listed by those surveyed as a major challenge in the next six to 12 months.

Consequences of an attack

The risks of cyber attacks on supply chains are numerous and can have catastrophic consequences. A security breach goes beyond the theft of confidential data and the interruption of critical business operations; a successful cyberattack can even lead to physical damage to the infrastructure.

One of the most emblematic examples of a cyber-attack on the supply chain occurred at the end of 2020 on one of the leading companies in the development of software for managing networks and systems in the USA.

The attack impacted around 18,000 customers in a security incident that took place over nine months throughout 2020, before it was detected. Among the companies impacted were technology giants, US government agencies, among other prominent global organizations.

But the risk of attacks remains and new cases have been presented by the press in recent months, showing that different types of companies can be targeted by cybercriminals, including segments such as e-commerce and software service providers.

An example is the Japanese car manufacturer that suspended production at 14 plants in Japan for at least a day in response to a "system failure" at one of its component suppliers.

In a brief statement released on February 28, the manufacturer confirmed the temporary shutdown, which led, according to auto industry experts, to a 5% drop in its monthly production or the loss of around 13,000 units.

Another high-profile attack recently came to light against a logistics operator based in Seattle, Washington. The interruption of its global systems, as a result of a cyber attack, caused most of its operating systems to shut down, damaging operations even in Brazil.

How can you protect your company?

There are several different types of attack that can hit the supply chain. The most common include:

  • Malware attacks

These attacks involve infecting software or devices with malware that can allow attackers to gain access to confidential data or systems.

  • Phishing attacks

Attackers use phishing emails or other methods to trick individuals into revealing confidential information or downloading malware.

  • Man-in-the-middle attacks

In these attacks, attackers insert themselves into communications between two parties in order to spy on or intercept data.

  • Denial of service attacks

These attacks overload systems with traffic or requests, making them unavailable to legitimate users.

In practice, there are several steps that companies can take to protect themselves against supply chain attacks, including:

1. implementing strong security measures with the support of reliable partners: companies must ensure that their own security measures are adequate to make it difficult for attackers to compromise their systems. Actions such as encrypting sensitive data, implementing access controls and managing vulnerabilities can help prevent attackers from gaining undue access to systems.

2. Carrying out background checks on suppliers: organizations should examine their suppliers carefully to avoid doing business with those who may be more vulnerable to attack. Regular security audits can help companies identify problems and ensure that suppliers are complying with best practices.

3. Keeping systems up to date: organizations must regularly update their software and devices to correct any security vulnerabilities that could be exploited by attackers.

4. Employee awareness to strengthen security: employees should be trained on how to identify phishing emails and other signs of attack. They should also know what to do if they think they have been targeted. Communication and awareness of risks and correct conduct in the digital environment should permeate the organizational strategies of all companies, regardless of size or segment.

There are measures that companies can take to protect themselves, but most are not doing enough. If you want to keep your company safe from cyber attacks, make sure you're following the best data security and protection practices.

Enlist the help of cybersecurity partners to ensure that your company is on the right track by certifying that your security actions are adequate. Partnering with reliable suppliers is also important to reduce the risk of supply chain attacks.