Michael Carr at Six Degrees argues that in order to enhance supply chain security, businesses must understand the key security threats across each link in the supply chain
Businesses have never been more reliant on supply chains to deliver products and services to their end users. Whether it’s sourcing parts from suppliers or working with logistics firms to transport products around the world, supply chains are critical to a business’ operational integrity.
Hackers know this, and will actively target businesses in a supply chain in order to disrupt their operations and gain a foothold into business’ environments. And even if they don’t target a business through its supply chain, any disruptions to suppliers resulting from a cyber-attack can cause significant collateral damage to the business as a result.
Supply chain security: threats to the entire ecosystem
Many hackers will tailor their cyber-attack methods according to whereabouts in the supply chain ecosystem they are targeting. But there will always be cyber-attacks that are used throughout. Let’s start by looking at these:
- Phishing emails are sent by hackers to trick users into installing malicious software or taking actions that facilitate further compromise.
- Ransomware encrypts files within an infected network, rendering them unusable until a ransom is paid or the victim is able to restore from backups. There is also the additional common tactic of stealing data to further compound the impact of ransomware.
- Business email compromise attacks infiltrate or impersonate email accounts in order to issue instructions to send bank transfers to hackers.
Phishing, ransomware and business email compromise are three of the most commonly used cyber-attack methods in 2021. The cyber security landscape is constantly evolving, as hackers adapt their approaches to exploit gaps opened up by new technologies and operating requirements.
By understanding who’s attacking a business and how, the business will stand a better chance of repelling these attacks and maintaining operational integrity.
Manufacturing, where uptime and productivity are everything, has become the most targeted sector for cyber-attacks in 2021. Here are some of the methods hackers use to target manufacturers:
- Supervisory control and data acquisition (SCADA) systems are high value targets for hackers, who can hold manufacturers to ransom by rendering them unusable.
- ERP and CRM systems hold valuable, commercially-sensitive data that – if leaked – can lead to fines and damage to customer confidence.
- Internet of Things (IoT) devices, increasingly an essential component in manufacturing processes, if not patched properly are vulnerable to exploits to gain a foothold into the environment.
- Manufacturers often face espionage attempts from rivals and even nation states, attempting to steal high-value intellectual property.
- Disgruntled employees with knowledge of systems, applications and data pose a threat to manufacturers if not addressed by appropriate role-based access controls.
In today’s hybrid working world, businesses are more reliant than ever on logistics firms to transport goods throughout the supply chain. Hackers know this, and are increasingly targeting logistics firms with ransomware attacks.
- Hackers can use brand impersonation to mimic logistics firms’ online presence and trick employees or customers into exposing their credentials.
- If frontline workers lose their mobile devices, they risk exposing sensitive information held in ERP and CRM systems.
- Hackers have been known to exploit misconfigured code in logistics firms’ web applications to gain access to sensitive internal systems.
- Customers are now used to seeing the progress of their deliveries. Hackers can access the internet-facing applications that provide these progress updates, compromising service delivery and potentially accessing internal systems.
Retail is one of the most targeted sectors for cyber-attacks in 2021. The coronavirus pandemic has forced retailers to adapt to survive, regardless of their size. While smaller retailers have begun moving to card payments and online operations, larger retailers have focused on harnessing big data to achieve efficiencies and maximise profit margins.
This has introduced new threat vectors as retailers’ attack surfaces have expanded, and these threat vectors are being exploited by hackers keen to steal money and confidential financial information. Unique cyber-threats to retailers include:
- Hackers have been known to exploit misconfigured or outdated code in retailers’ ecommerce web applications to gain access to sensitive internal systems or payment processes.
- Distributed denial of service (DDoS) attacks target retailers’ ecommerce platforms, flooding servers with requests that prevent customers from placing orders – reducing revenue and damaging consumer confidence.
Mapping out the key threats you face
Now is not the time for businesses to rest on their cyber security laurels – supply chain security should be taken seriously by all businesses if they are to minimise the risks they face.
Supply chain security doesn’t need to be onerous to implement. By applying diligence and best practices, and understanding upstream and downstream threats and dependencies, businesses can safeguard their operational integrity and build trust with other businesses that sit throughout their supply chains.
Michael Carr is Head of Strategic Development at Six Degrees, a leading secure cloud-led managed service provider that works as a collaborative technology partner to organisations making a digital transition.
Main image courtesy of iStockPhoto.com