“Supply chains are fundamental to modern businesses. From courier services to construction companies, from small accounting firms to gardening services, every business has a network of partners and suppliers delivering physical and digital products and services. SMB owners may think that supply chain attackers target only big companies, but this is not the case. By targeting a single supplier, attackers can compromise hundreds of clients, many of them SMBs.” Alan Hawkins, GM: Software and Security, Tarsus Distribution
In July 2021 a devastating cyberattack on its transport infrastructure forced Transnet to manually process container shipments at the Port of Durban, sub-Saharan Africa’s biggest container hub, as well as the Ngqura, Port Elizabeth and Cape Town harbours, resulting in major delivery delays and congestion.
According to the European Agency for Cybersecurity, supply chain cyberattacks will only become more common in future. In its analysis of recent attacks, Enisa reported that strong security protection is no longer enough for organisations when attackers have already shifted their attention to suppliers.
Supply chain attacks are extremely harmful
Wired explains why supply chain attacks are so damaging. These attacks compromise the legitimate hardware and software that make up a business’s network at the source, slipping in malicious code or components: “By compromising a single supplier, spies or saboteurs can hijack its distribution systems to turn any application they sell, any software update they push out, even the physical equipment they ship to customers, into Trojan horses. With one well-placed intrusion, they can create a springboard to the networks of a supplier’s customers – sometimes numbering hundreds or even thousands of victims.”
Simply put, it is about finding a weak point that allows access at a one-to-many scale. It is also a particularly pernicious trend because it makes everyone worry about whether their vendors’ code is secure and whether those vendors are doing everything they can to be more cybersecure.
Supply chains are fundamental to modern businesses. From courier services to construction companies, from small accounting firms to gardening services, every business has a network of partners and suppliers delivering physical and digital products and services.
SMB owners may think that supply chain attackers target only big companies, but this is not the case. By targeting a single supplier, attackers can compromise hundreds of clients, many of them SMBs. Every company in a supply chain must assume they are a potential target and must know how to prevent supply chain attacks by securing their data and networks accordingly.
There are three key ways SMBs can protect their supply chain:
- Evaluate your supplier network
How much company information do your third-party suppliers have access to? How are they using that data, and who controls access to it? It is vital to set up a relationship of trust with suppliers and gain cooperation from them to identify potential risks present in the supply chain and work towards eradicating them.
Find out what policies and procedures they have in place to protect data and manage information risk. Strong authentication, encryption, security awareness training and regular IT security control checks should be non-negotiable. It is also advisable to audit all vendors annually to ensure that they are complying with these standards.
- Determine the risks associated with third-party suppliers
Some companies are more attractive than others when it comes to supply chain attacks. A vendor that possesses large amounts of valuable customer information is high risk. Attackers may be tempted to target an SMB’s systems to gain access to high-value networks. When hackers attacked US-based Kaseya, they held more than 1 000 companies to ransom. When working with these types of vendors, it’s important for SMBs to ensure that the right systems are in place to safeguard everyone’s data assets.
- Never be too confident about the safety of a supply chain
Cybersecurity should be a top priority for every business, regardless of size. You need to be aware of all the latest threats that are in circulation and keep employees updated too.
Ensure that your software is up to date, bring in independent experts to audit the security of your entire IT infrastructure, and set up solutions for continuous security monitoring of all applications. These actions will help to protect your business from the potentially serious financial and reputational damage that can follow a supply chain attack.