CYBER SECURITY TERMINOLOGY EXPLAINED

What Are Supply Chain Attacks?

Defining Supply Chain Attacks

Third parties, whether they provide products, services, or systems, are essential to the structure of many businesses. The problem is that these external suppliers add extra layers to your cyber risk, especially as supply chains can be complicated structures. If one business in a supply chain gets attacked, it can affect all businesses in the chain unless everyone is properly secured. You likely can’t fully control everyone in your chain, but you can protect yourself.

Criminals are increasingly targeting vulnerable links within supply chains, and the results can be catastrophic for the businesses involved. These are called supply chain attacks, and they can be software or hardware based and occur in any industry, not just manufacturing. Hackers are always adapting their attack methods too, so you should be continually adapting your defence systems.

Types of supply chain cyberattacks

There are four main types of supply chain cyberattacks:

  • Third party software providers
    • Hackers infiltrate software vendors and insert malware into the vendor’s legitimate software. The “trojanised” software is then delivered to the unsuspecting buyer.
  • Managed Service providers
    • Your IT company has full access to your systems, so if it gets attacked, you’re likely next in the chain.
  • Third party data stores
    • Many businesses use third party storage for their data. This not only includes client or customer information but details about the businesses themselves. If this information gets compromised via an attack on the third party store, the criminals have all your information.
  • Website builders
    • If a website builder platform gets hacked, legitimate websites can become compromised.
  • Watering hole attacks
    • This is an attack on a website or platform which is commonly used by employees within a business or sector. The attacker infects the “watering hole” with malware which then spreads throughout the wider target organisation.

How to avoid supply chain attacks

There are four principles to help you manage the risk posed by your supply chain:

  • Understand the risks – this can be done via a vulnerability assessment
  • Gain control – if you’ve lost control you’re not able to understand your risks. This may require some contractual changes and improved due diligence for new suppliers.
  • Assurance – establish confidence that you have reduced as many of your vulnerabilities as possible
  • Maintenance – cybersecurity should be ongoing. As the supply chain evolves, so should your defence mechanisms
