What is a supply chain attack and how can suppliers mitigate their risks?

Author: Satta Sarmah Hightower

Supply chain attacks are predicted to quadruple in 2021, and various forms of cyber attacks have unfortunately become the norm across nearly every industry. Cybersecurity Ventures has predicted that, by 2031, a new attack will occur every two seconds.

Organizations face not just external threats but also insider threats from employees, partners and suppliers. Supply chain attacks, in particular, have risen because hackers increasingly view suppliers as a stepping stone to higher-value targets. If your company supplies goods or services to another company, not prioritizing security or not working to prevent a supply chain attack could lead to lost business and other financial and reputational risks that hurt the valuable partnerships you've developed with customers.

The business imperative for stronger supply chain security

As organizations quickly shifted to remote work environments over the last 18 months, we've seen an increase in cyber attacks.

2020 was the worst year on record for cyber attacks, according to the FBI, with a total of $4.2 billion in financial losses for organizations due to these attacks. The average cost of a data breach has now risen from $3.86 million to $4.24 million, demonstrating just how severe the financial impact of security incidents can be.

In the current threat environment, companies are more focused than ever on taking proactive steps to mitigate their risks and prevent supply chain attacks. Many enterprises are aware of vendor risks and how this impacts their bottom line. As a supplier, you must demonstrate strong security habits to remain in business with companies. Business is all about relationships and trust, and when a company feels they can't trust you to protect their valuable business intelligence—or your company hasn't taken even the simplest actions to protect them—they'll be less likely to engage with your business thereafter.

In one recent study that surveyed risk management professionals, 31% of respondents said their organizations have vendors they considered a material risk if a data breach occurred. Whether your business supplies air filtration systems to a Fortune 500 company, vending machines to office parks across the country, or inventory tracking software to restaurants, security must come first to mitigate security risks to you and your customers.

What is a supply chain attack? Security vulnerabilities for suppliers

Hackers have become more sophisticated in their approach and are exploring every attack vector possible to reach high-value targets. If suppliers are more focused on their core business instead of security, they can present a ripe opportunity for hackers. Suppliers may have basic password security or even two-factor authentication, but using robust threat detection and response solutions can help strengthen their cyber security posture.

What is a supply chain attack? Hackers conduct supply chain attacks in several ways. They might hijack hardware devices to copy and encrypt their data on an ongoing basis—even after they're distributed to users. Cyber criminals also might infiltrate a supplier's underlying technology infrastructure and install malicious software so when employees update their applications or devices, they are automatically infected with malware.

Hackers might also insert malicious code into open source libraries, so when developer teams use this code to create applications, the software provided to customers is already compromised. In other cases, it may just be a standard ransomware or phishing attack, compromised credentials, or a stolen password that allows hackers to gain unauthorized access to a supplier's mission-critical business systems.

With all these threats, your company must be proactive to prevent a supply chain attack and protect the customers who have entrusted you with their business.

Proactive defense: How suppliers can strengthen security

As a supplier, it's vital to take steps to improve your threat defense, building and executing a plan to protect your business partnerships.

One of the simplest things you can do is increase your own employees' cyber awareness. One study conducted by a team of security researchers and professors at Stanford University found 88% of data breaches are caused by human error, and Verizon’s 2021 Data Breach Investigations Report revealed a similar pattern, with 85% of breaches it studied involving the human element. Training employees to spot a phishing email or teaching them about proper password security can go a long way toward protecting your company and its key business relationships. You can use a number of free resources online, including the National Initiative for Cybersecurity Education, to increase your team's cyber security knowledge. Further, employees should be encouraged to agree to an Acceptable Use Policy (AUP) that outlines what they can and cannot do with corporate IT assets. Verizon’s 2021 Mobile Security Index offers tools for companies to develop an AUP.

Managed security services also can strengthen your company's security posture. With so many security solutions on the market, it can be difficult to know which solution or suite of products will work best for your business. This is why enlisting the help of a managed services provider can prove beneficial.

A managed services provider will offer a unified platform, a suite of services, or interoperable solutions that streamline security operations for your company. This can include 24/7 threat monitoring, mobile device management (for strengthening the security of smartphones, tablets, and other remote access devices), and endpoint management to help you track all the devices, applications, and systems that connect to your wireless network.

Identity and access management solutions that monitor and grant access to authorized users, along with managed detection and response services, can also help your company prevent a breach or quickly recover in the event a security incident occurs. Depending on the nature of your business and what you can afford to invest in, you may only need a few of these solutions. However, each of these technologies can contribute to a multi-layered approach to security overseen by a managed services provider that defends against supply chain attacks.

As the threat landscape evolves, every supplier will need to prioritize security and be more aggressive about reducing their risks. Your customers trust you to protect their valuable data. Honor that trust by doing everything in your power to prevent a supply chain attack with an evidence-based cyber risk management program.

Learn more about how Verizon can help you build an evidence-based cyber risk management program and improve your threat defense.