
One-Off Sound Off

Clive Madders is Chief Technical Officer and Assessor at Cyber Tec Security. With over 25 years' experience in the industry, Clive has built up an extensive repertoire as an Enterprise Solution Architect, delivering managed ICT support services, cyber security certifications, and advanced monitoring solutions to help improve the cyber security maturity of businesses across the UK.


How Hackers are Exploiting Supply Chain Vulnerabilities

April 21, 2022
Clive Madders

Global supply chains have been dealing with challenges from every angle over the past couple of years, made worse by the COVID pandemic. In 2022, companies will likely be under increasing pressure as they continue to tackle shortages, delays, and pricing increases within the supply chain. On top of this, the ever-evolving cyber threat is impacting supply chains everywhere. Companies must improve cyber risk management among suppliers to support supply chain efficiency and reduce the chance of cyber attack.

Supply chain attacks are a serious cause for concern in the cyber security space since the damage can be so widespread, and this is exactly why they have become a popular method for cyber criminals. Nowadays, supply chains are complicated webs of businesses that are adopting more digitized processes and technologies, expanding the attack surface. Just one vulnerability in a supplier’s systems can cause extensive disruption and give a hacker access to a whole chain of organizations. 

Since the first major supply chain attack to hit the media, on American store Target in 2013, we’ve seen these attacks rise exponentially, and around 84% of organizations now believe software supply chain attacks will be one of the biggest cyber threats to businesses within the next three years.

There is a range of supply chain attack methods used by cyber criminals, but some of the most common involve planting malware within a company’s software before it’s distributed to users. This was the case in the well-known SolarWinds attack of 2020. Malicious code was injected into the build of SolarWinds’ Orion software before it was rolled out to around 18,000 customers, including major corporations like MasterCard and PwC as well as government agencies, although the number of customers ultimately impacted is now predicted to be lower than 100. Other common threat vectors for supply chain attacks can include:

  • Third-party software providers
  • Data storage solutions
  • Development or testing platforms
  • Website building services.

Often, hackers will target smaller companies within a supply chain, as these are less likely to have advanced security solutions implemented, making them easier to breach. If that company is a supplier to much larger enterprises, hackers can then use it as a foothold to gain more valuable data and corporate resources.

The impact of a supply chain attack like SolarWinds is significant. Financial losses can accumulate because of a variety of factors including regulatory fines, investigatory costs and reputation management. These incidents can leave a lasting impression, affecting consumer trust down the line and consequently company revenue. It’s therefore vital for all organizations to tackle the supply chain threat, no matter the size or sector. 

Supply chain security best practices

In essence, any supplier with access to your systems and data has the potential to pose a risk for your business. If a supplier does not follow best security practices, there is a high chance of them being breached, which is why it is important to go beyond assessing your internal security posture and look outwards to your wider supply chain. Organizations may do this to an extent, but many, especially larger ones, have a huge number of suppliers, so while they might be risk assessing their most direct suppliers, sub-contractors or ad hoc suppliers can be overlooked. Any one of these lower-tier suppliers may offer a backdoor for the hacker, so neglecting to vet them properly can add serious risk to your supply chain.

Identify your data: To formulate a clear picture of your supply chain and ultimately where the vulnerabilities could lie, it’s important to keep track of where your data is being held and who has access to it. How are your suppliers protecting and storing data? What user access controls do they have in place? Are they conducting proper employee background checks and terminating access when an employee leaves the company?

Establish security expectations and communicate these to your suppliers: Being transparent with suppliers about what standards you want them to adhere to will help to encourage a trusting relationship as well as ensure that everyone understands where they need to be in terms of security. These requirements can be set out in a supplier policy for additional clarity. 

Things like malware protection, patching expectations and access controls will be important here, but remember that cyber security goes beyond technology. Making sure suppliers have good processes and policies to keep human error to a minimum will also be critical to reducing the chance of a breach.

Many businesses will ask that suppliers meet a recognized third-party cyber security standard, as this makes it easier both for suppliers to know what security measures and controls they must implement and for the business to see evidence of this being done, since most standards will involve a certification of sorts. In the US, some popular ones include NIST and HIPAA, and in the UK, the Government’s Cyber Essentials covers core security controls that every business should comply with. There is also the internationally recognized ISO series, particularly 27001, which helps businesses establish a high-level Information Security Management System.

Ensure suppliers are reporting incidents: If your supply chain does suffer an attack, it’s important to be able to locate the source as quickly as possible and contain the damage, because these types of attacks can spread fast. If a supplier discovers suspicious activity, there should be processes in place which require the supplier to take steps to identify the attack source and notify you of what’s happened. You should have a risk communication plan in place so it is clear whose role it is to communicate what. Once you know there is a situation, your business can then react accordingly.

Monitor and Maintain: Cyber security and supply chain risk management is an ongoing process. As cyber threats evolve and cyber criminals become more sophisticated in their attacks, your strategies may need to change, so it’s necessary to regularly review both your internal setup and that of your suppliers and ensure you stay on top of any vulnerabilities that a hacker could exploit.

While you cannot completely mitigate the risk of a cyber attack on your supply chain, more can be done to gain better oversight of all your individual suppliers and the vulnerabilities they could be exposing in their processes, policies and controls. Digitization in supply chains is necessary to satisfy rising consumer demands, and this is likely to develop further. Cyber security must therefore be seen as a top priority for those managing supply chains, with the goal of implementing a solid strategy for minimizing cyber risks that is reviewed and updated in line with today’s changing threat landscape.

 
