Why There's Been a Rise in Supply Chain Attacks

Supply chains can be referred to as the ecosystem of businesses and processes which are necessary to create, manufacture and distribute a product or service. They consist of a variety of assets which will help an organisation function. Examples of this include:

Software providers
Web developers
Business partners
Defence systems

The rise in cyber-attacks relating to supply chains has increased dramatically with research now suggesting that up to 50% of all cyber-attacks now target supply chains. In addition to this, an ENISA report in July 2021 predicted that supply chain attacks would multiply by four times by the end of the year. Therefore, we want to explain why this could be the case.

Big Target

One of the reasons supply chains have been targeted so heavily is because if the cyber-attack is successful then it can impact a wide range of businesses who rely on the supply chain to function. This can allow the cybercriminal to access a vast amount of valuable personal or financial information.

Another reason for targeting supply chains is because it is often considered to be the weakest link in the security chain therefore it is an easier target for cybercriminals. Therefore, if a cybercriminal is targeting a certain company but needs an easier way to infiltrate them then they may turn to the supply chain in order to complete their attack. The ENISA report also stated that 62% of the attacks exploit the trust of customers in their suppliers meaning it is not a typical assumption by businesses that they need security against their suppliers.

Poor Cyber Security Awareness

Another reason for the increase in supply chain attacks is many companies have moved to online platforms to do their work which increases the risk of them suffering a cyber-attack. There are many reasons for this, due to a lack of awareness on how the software should be set up, used and the protocols involved.

For example, many employees will instinctively set weak passwords; research conducted by SecureAUTH suggests that up to 53% of people use the same password across multiple platforms. This is a big security risk for a business. In addition to this, there could be a lack of security protocols and backup plans in place for the software used which increases the risk of a cyber-attack; as well as an extended period of recovery time due to the loss of significant data.

Insider Threats

Insider threats can also be a reason as to why there has been an increase in cyber-attacks on supply chains. These are unlikely to happen as often as other kinds of threats, however, they are not uncommon. You cannot know all the reasons as to why someone does this although, the main motivators for this attack will include financial gain or government initiatives.

To prevent this kind of attack from occurring strict background checks on employees should be done so you can identify if there is a reason to be concerned about an employee’s behaviour. Furthermore, you could track employees’ movements online to check if they have done anything suspicious or maliciously.

Finally, insider threats can also be accidental, so it is worth training staff on the types and warning signs of cyber-attacks. This can minimise the risk of one occurring because staff will know what to look out for and will be able to mitigate the risk.

Malware

Malware can be a serious problem for supply chains because it can be hard to detect until it is too late; this is because it can be deeply hidden within legitimate apps. Malware is known as malicious software or code which can exploit vulnerabilities in unpatched, unsecured, or outdated software with the intention of causing harm to a device or a network. The ENISA report found that 62% of all attacks on supply chains rely on malware which shows this is a common issue. Examples of this include:

Ransomware
Spyware
Command and Control

This is a problem because when a vast number of businesses rely on the software which is infected, all their sensitive information can be easily stolen or wiped. Every business the supply chain works with will be at risk which means the knock-on effect can be devastating for supply chains and businesses alike. The repercussions of this can be very expensive for businesses if they: