Attention! Supply Chain Attacks have risen recently
Any cyber attack is dangerous, but attacks on supply chain companies are particularly devastating. A supply chain company can be any provider of goods or services, digital or non-digital.
We have seen several supply chain attacks in 2021 that have had far-reaching consequences. These are "one-to-many" attacks, where the victims can extend far beyond the company that was originally attacked.
Some recent examples of supply chain attacks include:
Colonial Pipeline: A ransomware attack caused this major gas pipeline to shut down for nearly a week.
JBS: The world's largest supplier of beef and pork products was hit by a ransomware attack that caused factories in at least three countries to close for several days.
Why do you need to worry about supply chain attacks even more than in the past? Because they have increased and are expected to continue to increase.
Supply chain attacks increased by 42% in the first quarter of 2021. An astonishing 97% of companies were affected by a security breach in their supply chain, and 93% suffered a direct breach as a result of a supply chain security vulnerability.
If you are not properly prepared, the software you use may be attacked or a key service or goods supplier may be down for several days due to a cyber attack.
As part of good business continuity and disaster recovery strategy, you should review supply chain risks in light of the current increase in attacks and develop a plan.
You cannot fix what you do not know is wrong. Therefore, you must first understand your risk in the event that one of your suppliers is affected by ransomware (currently the most popular supply chain attack) or some other type of security breach.
Make a list of all your vendors and suppliers, both for goods and services. This includes everything from the cloud services you use to the company that supplies your office products or the raw materials you use for a product you sell.
Review these suppliers to identify their cybersecurity risks. You may need the help of your IT partner for this. OnyxIT can work with you to review the security of the suppliers, or send them a survey to assess their cybersecurity posture, and then identify the extent to which you might be at risk as one of their customers.
Create some minimum security requirements that you can use as a benchmark with your providers. One way to facilitate this is to use an existing data protection standard as a requirement.
For example, if a provider is GDPR compliant, you know they have several key cybersecurity standards in place that protect their business and yours from attack.
If the software you use has a vulnerability that is exploited by hackers to take over a system, what is the risk to your systems? Do you have a strategy for applying patches regularly to ensure that all software updates are applied immediately?
You should have an IT security audit if you have not done so for over a year. This will help you determine how well your systems can prevent an intrusion or ransomware infection that arrives through a digital supply chain provider.
If you sell widgets and have only one supplier for a particular part needed for that widget, the risk of downtime is much higher than if you had two suppliers for that part.
If a key supplier of yours is attacked and cannot fulfill orders or provide services for a week or more, how does that affect your business? You should consider this when setting up backup suppliers.
For example, most businesses would assume that they cannot operate without their internet. If you have a backup internet service provider, you can avoid long periods of downtime if your main provider goes down.
Try to set up this kind of safety net for all the providers you have.
Microsoft recommends in its services agreement that customers back up their cloud data stored in its services (such as Microsoft 365). The policy states, "We recommend that you regularly back up your content and data that you store in the Services or store with third-party apps and services."
You should have a backup (on a separate platform) of all data you store in cloud services so that you are protected in the event of a ransomware infection or other data or service loss.
Don’t be in the dark about your risk. Schedule a supply chain security assessment to learn where you could be impacted in the case of a cyberattack on a supplier.
Article used with permission from The Technology Press.