The question that keeps the CISO awake is: How do we ensure reliable cybersecurity along the entire supply chain? A series of high-profile cyberattacks this year has only underscored the importance of this topic.
If you have kids, you may be familiar with the online game Among Us. In it, players run around a space station and complete missions – until one of them gets killed. Then the remaining players have to guess which one of them is the killer and wreaks havoc. About the same thing happens now with cyberattacks on supply chains. From CloudHopper to SolarWinds, businesses have seen how email fraud and account compromise is taking down entire systems. What’s alarming is that companies can no longer rely solely on their security systems. Attackers only need to break through the protection of one company in the supply chain, and the door to everyone else in it opens.
The close interconnectivity between companies only plays into the hands of cybercriminals. When companies share data and assets, their vulnerabilities only multiply. This process can be compared to the dominoes falling one by one.
How do criminals work?
The main method cybercriminals use to attack supply chains is to pretend to be someone else. Cybercriminals can spend months tracking employees‘ social media accounts and company press releases to get into the details of the supply chain. Then, they determine where they can slip in to trick employees, redirect invoices or induce employees to participate in phishing scams.
As large companies more often hire cybersecurity teams that can assess and contain the risk of such attacks, criminals are increasingly targeting smaller players. It’s the smaller companies that can give attackers that precious key to the massive data of global companies.
If ten years ago only the most sophisticated cybercriminals, usually sponsored by hostile governments, could disable national infrastructure and global businesses, now things have changed. According to the National Cyber Security Center, individual hackers carrying out ransomware attacks pose a greater threat to national security than ever before.
Is it possible to have reliable cybersecurity along the entire supply chain?
Anything is possible if all companies recognize their shared responsibility for supply chain cybersecurity. Everyone’s top priority is to ensure their security to protect stakeholders, customers, and customers. However, according to the DCMS 2021 study, only 12 percent of British businesses reported cybersecurity risk from their suppliers.
That is a sobering statistic that reflects a general disregard for cybersecurity on the part of senior executives. CISOs regularly express concern about the lack of resources.
Cybersecurity compliance assessments throughout the supply chain should be an integral part of every business operating in today’s online world, and suppliers need to have at least minimal cybersecurity requirements.
The fact is, the weakest link determines supply chain security, and we must not forget that.