Clive Madders is Chief Technical Officer and Assessor at Cyber Tec Security. With over 25 years' experience in the industry, Clive has built up an extensive repertoire as an Enterprise Solution Architect, delivering managed ICT support services, cyber security certifications, and advanced monitoring solutions to help improve the cyber security maturity of business across the UK.


How Hackers are Exploiting Supply Chain Vulnerabilities

April 21, 2022
Clive Madders

Global supply chains have been dealing with challenges from every angle over the past couple of years, made worse by the COVID pandemic. In 2022, companies will likely be under increasing pressure as they continue to tackle shortages, delays, and pricing increases within the supply chain. On top of this, the ever-evolving cyber threat is impacting supply chains everywhere. Companies must improve cyber risk management among suppliers to support supply chain efficiency and reduce the chance of cyber attack.

Supply chain attacks are a serious cause for concern in the cyber security space since the damage can be so widespread, and this is exactly why they have become a popular method for cyber criminals. Nowadays, supply chains are complicated webs of businesses that are adopting more digitized processes and technologies, expanding the attack surface. Just one vulnerability in a supplier’s systems can cause extensive disruption and give a hacker access to a whole chain of organizations. 

Since the first big supply chain attack to hit the media, the 2013 attack on American store Target, we’ve seen these attacks rise exponentially, and around 84% of organizations now believe software supply chain attacks will be one of the biggest cyber threats to businesses within the next three years.

There is a range of supply chain attack methods used by cyber criminals, but some of the most common involve planting malware within a company’s systems before it’s distributed to users. This was the case in the well-known SolarWinds attack of 2020. Malicious code was injected into the Orion software build before it was rolled out to around 18,000 customers, including major corporations like MasterCard and PwC as well as government agencies, although the number of customers ultimately impacted is now predicted to be lower than 100. Other common threat vectors for supply chain attacks can include:

  • Third-party software providers
  • Data storage solutions
  • Development or testing platforms
  • Website building services.

Often, hackers will target smaller companies within a supply chain, as these are less likely to have advanced security solutions implemented, making them easier to breach. If that company is a supplier to much larger enterprises, hackers can then use it as a foothold to gain more valuable data and corporate resources.

The impact of a supply chain attack like SolarWinds is significant. Financial losses can accumulate because of a variety of factors including regulatory fines, investigatory costs and reputation management. These incidents can leave a lasting impression, affecting consumer trust down the line and consequently company revenue. It’s therefore vital for all organizations to tackle the supply chain threat, no matter the size or sector. 

Supply chain security best practices

In essence, any supplier with access to your systems and data has the potential to pose a risk for your business. If a supplier does not follow best security practices, there is a high chance of them being breached, which is why it is important to go beyond assessing your internal security posture and look outwards to your wider supply chain. Organizations may do this to an extent but many, especially larger ones, have a huge number of suppliers and so while they might be risk assessing their most direct suppliers, sub-contractors or ad hoc suppliers can be overlooked. Any one of these lower tier suppliers may offer a backdoor for the hacker, so neglecting to vet them properly can add serious risk to your supply chain. 

Identify your data: To formulate a clear picture of your supply chain and ultimately where the vulnerabilities could lie, it’s important to keep track of where your data is being held and who has access to it. How are your suppliers protecting and storing data? What user access controls do they have in place? Are they conducting proper employee background checks and terminating access when an employee leaves the company?

Establish security expectations and communicate these to your suppliers: Being transparent with suppliers about what standards you want them to adhere to will help to encourage a trusting relationship as well as ensure that everyone understands where they need to be in terms of security. These requirements can be set out in a supplier policy for additional clarity. 

Things like malware protection, patching expectations and access controls will be important here but it’s important to remember that cyber security goes beyond technology. Making sure suppliers have good processes and policies to keep human error to a minimum will also be critical to reducing the chance of a breach. 

Many businesses will ask that suppliers meet a recognized third-party cyber security standard. This makes it easier for suppliers to know what security measures and controls they must implement, and for the business to see evidence of this being done, since most standards will involve a certification of sorts. In the US, some popular ones include NIST and HIPAA, and in the UK, the Government’s Cyber Essentials covers core security controls that every business should comply with. There is also the internationally recognized ISO series, particularly 27001, which helps businesses establish a high-level Information Security Management System.

Ensure suppliers are reporting incidents: If your supply chain does suffer an attack, it’s important to be able to locate the source as quickly as possible and contain the damage because these types of attacks can spread fast. If a supplier discovers suspicious activity, there should be processes in place which require the supplier to take steps to identify the attack source and notify you of what’s happened. You should have a risk communication plan in place so it is clear whose role it is to communicate what. Once you know there is a situation, your business can then react accordingly.

Monitor and Maintain: Cyber security and supply chain risk management is an ongoing process. As cyber threats evolve and cyber criminals become more sophisticated in their attacks, your strategies may need to change, so it’s necessary to regularly review both your internal setup and that of your suppliers and ensure you stay on top of any vulnerabilities that a hacker could exploit.

While you cannot completely mitigate the risk of a cyber attack on your supply chain, more can be done to gain better oversight of all your individual suppliers and the vulnerabilities they could be exposing in their processes, policies and controls. Digitization in supply chains is necessary to satisfy rising consumer demands, and this is likely to develop further. Cyber security must therefore be seen as a top priority for those managing supply chains, with the goal of implementing a solid strategy for minimizing cyber risks that is reviewed and updated in line with today’s changing threat landscape.

 
