What You Need to Know About Supply Chain Cyber Attacks

As a business owner or manager, you know that cyber attacks are a severe threat to your company. But did you know that supply chain attacks are on the rise and can have even more devastating consequences than other cyber attacks?

  • 97% of companies have been impacted by a breach in their supply chain, and 93% suffered a direct breach due to a supply chain security vulnerability.
  • The first quarter of 2021 saw nearly a 50% increase in supply chain attacks alone, and their frequency will continue to rise.

You can’t afford to be unprepared for a cyberattack. In today’s business climate, it’s more important than ever to have a good business continuity and disaster recovery strategy that considers the increased risk of supply chain attacks.

Without one, the impact can be devastating. A business-critical service or supplier that goes down for days due to a cyberattack can leave unprepared businesses unable to operate. In some cases the financial damage is unrecoverable.

Identifying risk in your supply chain

You can’t fix what you don’t know is wrong. You should identify the risk and the impact on your business should one of your vendors get hit with a cyber security breach.

Make a list of all your vendors and suppliers, both for items and services. This should include everything from the cloud services you use to the company that provides office supplies or anything you may use in a product or service you sell to customers.

Examine these organisations to see what kind of cybersecurity threats they may present. This might need the assistance of your IT partner. We can assist you in reviewing vendor security and discovering where they stand with cybersecurity and whether it leaves you at risk as one of their customers. We can assess how much risk that poses for you.

Creating minimum security requirements for suppliers

Create some minimal security criteria that you can use as a baseline with your vendors. Using an existing data privacy standard as a benchmark can also help you. Many exist; Cyber Essentials is a good starting point for businesses that aren’t doing this. However, we would recommend speaking to an expert to understand your options and the benefits of each.

For example, compliance with GDPR, ISO27001 or Cyber Essentials Plus indicates that a company has adopted several necessary cybersecurity standards that protect its business, and yours, from an attack.

Understand your vulnerabilities with a security assessment

As a business leader, it’s essential to understand your organisation’s exposure to cyber security risk and take steps to mitigate it. A security assessment can help you identify your vulnerabilities and how well your systems would hold up against a breach or ransomware infection. If you haven’t done one in over a year, it’s time to schedule one.

Create a backup strategy for your vendors and suppliers

Businesses need to understand their exposure to cyber security risks and take steps to mitigate them. Having a backup plan for your vendors and suppliers is one way to do this. If your primary supplier for a critical part needed for your product or service is attacked and you can’t fulfil orders, you need to be prepared. Having a backup supplier can help avoid lengthy downtime.

For example, most businesses would consider themselves “down” and unable to operate without an internet connection. If your primary ISP goes down, a backup internet service provider can help you avoid lengthy downtime. Consider establishing this approach for all suppliers who provide business- or revenue-critical products and services.

Back up data stored in cloud services using third-party services

In case of a ransomware attack, other data loss or a service outage, you should have a backup (on a different platform) of all data stored in cloud services.

Microsoft recommends that customers back up the data they store in its cloud services (for example, as part of a Microsoft 365 subscription). The Microsoft Services Agreement policy reads: “We recommend that you regularly backup Your Content and Data that you store on the Services or store using Third-Party Apps and Services.”

Schedule your supply chain and cyber security reviews

Don’t put your head in the sand about your company’s exposure to risk. Schedule a supply chain security assessment to learn what could impact you in the case of a cyberattack on a supplier. By understanding your vulnerabilities, you can take steps to mitigate any potential damage and keep your business running smoothly. Contact our team today for more information or to get started!

Gregory Olczyk
