In 2021, we saw quite a few supply chain attacks. These attacks are so dangerous because there is a chain reaction when one particular company is attacked. Instead of the attack impacting just that company, it has a much wider effect.
Take the Colonial Pipeline attack for example. This ransomware attack caused the major supply of gasoline and petroleum products to the east coast to be shut down for nearly a week. It also impacted gas prices nationwide.
There are also other types of supply chain attacks that we’ll discuss in this article, including those in which the computer systems of a technology or software company are infected and the infection then spreads to the customers they do business with.
Just how bad are supply chain attacks getting?
During the first quarter of 2021, supply chain attacks rose by 42%. Additionally, 97% of companies have been impacted by a breach in their supply chain, and 93% suffered a direct breach because of a supply chain security vulnerability.
Hackers are seeing a supply chain attack as a way to get a one-to-many impact. They attack a single company and can either:
- Trigger major problems because the supply of a particular product is interrupted; or
- Cause widespread vulnerabilities due to malware that’s been hidden in particular software.
It’s important to not only have solid cybersecurity practices to protect against supply chain attacks but to also do regular penetration testing and properly manage supply chain risks to ensure your business isn’t negatively impacted.
Two Main Types of Supply Chain Attacks to Defend Against
There are two main types of supply chain attacks that you’ll need to keep in mind when developing and implementing business continuity and security strategies. The first is an attack on a major supplier of a vital product, and the second is an attack on a technology-related vendor that then causes your own IT security to become compromised.
Product Supply Chain Dangers
The Colonial Pipeline attack impacted hundreds of thousands of other people, as well as businesses that depend on the gas and oil products provided by that pipeline. It caused major disruptions and price increases as that company was trying to bounce back from the attack.
Another big supply chain attack that happened last year impacted the supply of beef and pork products. The largest beef and pork producer in the world, JBS, was also hit with a ransomware attack that took facilities in several countries out of operation for multiple days.
Software/Technology Supply Chain Dangers
Another type of attack, one that can impact your business even more directly, is when software that you have installed in your systems turns out to have been breached. These breaches can often go undetected for years. Then, as soon as attackers begin taking advantage of the vulnerability, thousands of companies can become infected as a result.
One of the most recent examples of this type of supply chain attack is the breach of Kaseya, a provider of software that managed IT providers use for remote connections to their clients.
Kaseya’s systems were attacked with ransomware, which impacted the software it provided to IT service companies. There were as many as 1,500 small and mid-sized businesses – customers of those IT providers – that were affected by the ransomware as a result.
What Can You Do to Defend Against Supply Chain Attacks?
Just having good cybersecurity defenses is not usually enough to defend against a supply chain breach. You also need to pay attention to the vendors you are doing business with, especially those in the technology area.
Here are some things you should do to fortify your position against these types of widespread attacks.
Automate Your IT Management & Monitoring
It’s important to put as much automation in place as possible to defend against threats to your network and data in real time. This includes ongoing monitoring for any anomalies in your systems.
One of the best ways to do that is through managed IT services that handle your security, patch updates, and network monitoring for you.
Conduct Regular Penetration Testing & Security Audits
Many supply chain breaches go undetected for years because a company doesn’t have regular testing or audits done that would uncover the threat. Having at least an annual security audit and penetration testing performed can help you uncover vulnerabilities before they result in a devastating breach.
Understand & Document Supplier Risks
It’s important to list out all your suppliers and review the risks they can pose to your company. Look at all suppliers and services to identify critical software dependencies and single points of failure. Then put safeguards in place to help mitigate those as much as possible.
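As an added illustration (not part of the original article), the review described above can be run over a simple supplier inventory: the script flags business functions that depend on a single supplier and ranks suppliers by that dependence plus privileged access to your systems. The supplier names, inventory fields and scoring weights are all assumptions made up for this example.

```python
from collections import defaultdict

# Constructed sample inventory; every supplier and function name is hypothetical.
INVENTORY = [
    {"supplier": "RemoteMgmt Co", "kind": "software",
     "functions": ["remote support", "patch deployment"], "privileged_access": True},
    {"supplier": "BackupCloud", "kind": "software",
     "functions": ["offsite backup"], "privileged_access": True},
    {"supplier": "TapeVault", "kind": "service",
     "functions": ["offsite backup"], "privileged_access": False},
    {"supplier": "FuelCo", "kind": "product",
     "functions": ["fleet fuel"], "privileged_access": False},
    {"supplier": "MeatPacker A", "kind": "product",
     "functions": ["protein supply"], "privileged_access": False},
    {"supplier": "MeatPacker B", "kind": "product",
     "functions": ["protein supply"], "privileged_access": False},
]


def single_points_of_failure(inventory):
    """Map each business function served by exactly one supplier to that supplier."""
    providers = defaultdict(set)
    for row in inventory:
        for function in row["functions"]:
            providers[function].add(row["supplier"])
    return {f: next(iter(s)) for f, s in providers.items() if len(s) == 1}


def rank_suppliers(inventory, sole_weight=2, access_weight=3):
    """Score suppliers: sole-source functions plus privileged access to your systems.

    The weights are illustrative assumptions, not an industry standard.
    """
    spof = single_points_of_failure(inventory)
    ranked = []
    for row in inventory:
        sole = sorted(f for f, s in spof.items() if s == row["supplier"])
        score = sole_weight * len(sole) + (access_weight if row["privileged_access"] else 0)
        ranked.append({"supplier": row["supplier"], "score": score,
                       "sole_source_for": sole,
                       "privileged_access": row["privileged_access"]})
    return sorted(ranked, key=lambda r: (-r["score"], r["supplier"]))


if __name__ == "__main__":
    for entry in rank_suppliers(INVENTORY):
        print(f'{entry["score"]:>2}  {entry["supplier"]:<14} '
              f'sole source for: {", ".join(entry["sole_source_for"]) or "-"}')
```

Suppliers at the top of the ranking are where safeguards such as a second source, tighter access controls or a tested fallback plan matter most.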
Schedule an IT Security Audit Today With Supplier Risk Identification
Your first step to defending against supply chain attacks is to understand your vulnerabilities. Connect2Geek can help your Treasure Valley business with a thorough security audit, including identifying any technology-related supply chain risk factors.