Secure technology and global supply chains are two of the main pillars sustaining our interconnected and very fast-moving modern world. As a result, those two pillars are not just important to the operations of global businesses, but have also become high-value targets for cyber criminals and hacktivists. In fact, there has been a steady rise in supply chain cyber-attacks.
Although cyber risks have obviously been a huge focal point for companies, the scope is often limited to just 1st party exposure. All data breaches, malware and attacks on the IT infrastructure of a company are viewed from a 1st person perspective. It's sobering to note, and worth highlighting, that the four biggest data breaches and cyberattacks to occur in the last few years were possible because the criminals targeted and infiltrated the network of a supplier and used this as an entry point to the system they were targeting.
The retailers Target and Home Depot suffered data breaches that resulted from hacks into 3rd party systems, as did RSA and the US Office of Personnel Management. Even more recently, in Ukraine, the software update of an extremely popular accountancy package was reported to be the route by which the NotPetya malware spread through to the users of that software.
With this in mind, it’s important to understand that threats are possible along any point in the supply chain, and these threats can have multi-layered consequences. To help you understand the potential risks, we’re going to discuss some of the biggest below.
What are the Key Threats/Risks?
Most of the key risks and threats to supply chains result from the fact that the more employees are required, the more these systems are opened up to potential cyber security risks. The phrase ‘more people equals more problems’ comes to mind.
As there is a degree of sensitivity associated with the data used in supply chain operations, there is a need for greater collaboration and education, from top to bottom, on good cyber security practices. However, this is where a lot of organisations fail.
The main threats therefore come from the following:
- 3rd party vendors or service providers that have virtual or physical access to IP, software code or information systems. This includes everything from janitorial services and maintenance to software engineering and more pertinent systems.
- Poor or even inferior practices revolving around information security, at any point in the supply chain of a company, but particularly by the lower-tier suppliers.
- Hardware or software that is purchased from suppliers and is already compromised or infected with a virus or something similar.
- Any security vulnerabilities in the software used with supplier or supply chain management systems.
- Hardware or counterfeit hardware that has been embedded with malware.
- 3rd party data aggregators or data storage.
It is therefore important for an organisation to identify these risks and threats to its supply chain, and take measures to ensure each step of the supply chain is appropriately secure and protected.