A cyber attack on a supply chain targets the less secure elements of a company’s supply chain, with the intent of causing serious disruption to those on the receiving end of the attack.
Companies and businesses within the logistics sector regularly transfer sensitive information electronically, as it simplifies and speeds up communications between multiple organisations.
However, this does make sensitive information more susceptible to cybercrime. The more links in a supply chain, the more vulnerable it can become, which highlights the importance of securely handling and storing your data.
Cybercriminals also target supply chains as a means of reaching the broadest possible audience with their attacks. Identifying and compromising one strategically important company is an efficient use of resources which may result in a significant number of infections in the supply chain.
I don’t have a large supply chain. Why would I be affected?
It’s often perceived that small businesses are not big enough to be hit by a supply chain attack. However, it is not about how many people work for you or how many office locations you have. A supply chain attack can be carried out through the systems and networks that you use.
Why should I protect my supply chain?
Implementing change in your supply chain will take time, but the investment will be worthwhile: it improves your overall resilience and reduces both the number of business disruptions your supply chain will suffer and the damage they cause, whether financial loss, lost working hours or harm to your reputation.
Work with the Cyber Resilience Centre and your suppliers from the outset of a new relationship, and start the discussion about security earlier than you would during traditional product assurance engagements.
By securing your supply chain you are helping demonstrate that your business is in compliance with GDPR and the new Data Protection Act. Ultimately, implementing these security measures may help you win new contracts, because of the trust you have built in the security of your supply chain.
How can you protect your supply chain from cyber-attacks?
Protect your internal systems by installing firewalls and virus-detection programs, which will block malware from accessing your systems.
Ensure administrator permissions on devices aren't open to all employees. It's important your staff are unable to download unauthorised software and applications that could potentially damage your firewalls.
Be careful about who is part of your supply chain. Ensure that they regularly conduct security audits or hold security certifications (like Cyber Essentials), and write this requirement into any business contracts you have.
Make sure your staff and IT department are regularly backing up your files and databases in case a cyber-attack deletes any trace of them. Keep one backup in the cloud and one offline, so that you can recover from an attack.
Make sure you are training all your employees so they are able to recognise attempted cyber-attacks and know how to respond if they see something wrong. Your employees don't need to be cyber experts but should be educated on the dangers of opening suspicious emails, and clicking on unknown URLs, links, and email attachments.
You can further manage the risks with a cyber security policy that is regularly updated and adopted.
Make sure you have a cyber incident response plan that gives your business, charity or third-sector organisation a process for responding effectively in the event of a cyber-attack.
If you have any questions about protecting your supply chain or want to explore how we can support your business and your supply chain in implementing these controls, contact us today.