October is Cybersecurity Month, and this month our blog covers a disturbing new trend, attacks on supply chains. Over the last year and a half, amidst historical shortages and eye-popping shifts in demand, consumers have become increasingly aware of the role of the supply chain in their local communities and day-to-day lives. So, it isn’t a surprise that supply chain attacks—a concern that’s been on cybersecurity experts’ radars for years—are a growing target for hackers online. Supply chain attacks can have a devastating impact with a single supplier breach having the potential to compromise a deep network of providers.

Cyberattacks on supply chains can take months to take effect, and they can take longer to be discovered. It isn’t uncommon for impacted organization leaders to go months or longer without the compromise being detected. Similar to Advanced Persistence Threat (APT) attacks, supply chain attacks are frequently laser-focused, costly, and incredibly complicated with hackers planning them for months in advance.

While massive attacks are more widely reported, other areas of the supply chain are frequently targeted without much coverage—meaning too many supply chain organizations don’t realize the necessity of investing in a resilient security posture until it’s too late with their organization being on the periphery of the supply chain.

According to ZDNet, these less apparent, lower-level supply chain attacks can be just as damaging to suppliers, with cyber attackers gaining low-profile entryways into networks—frequently exposing developer or mobile environments. While the IT community has been focused on major attacks like the SolarWinds cybersecurity attack, experts warn that it’s important to broaden the radar for other consequential attacks that can occur at a smaller scale.

Unfortunately, supply chain organizations focused on keeping up with chaotic waves of demand, geographical closures, and shortages haven’t been dedicating the same level of attention to securing their supply chain. With the fast-growing threat of supply chain attacks, supply chain leaders must assess how to protect their organizations from cyberattacks. Supply chain leaders must also evaluate how to protect their organization if one of their supplier’s is compromised by a malicious cyber campaign.

In a keynote address to the Cyber 2021 Conference, the National Cyber Security Centre (NCSC) CEO, Lindy Cameron explored best practices every supply chain organization must follow to protect their organizations from being compromised. Cameron shared that supply chain organizations must “establish a clear security direction with their suppliers, asking for and incentivizing good security through the supply chain.” Cameron explains that taking this first step generally includes straightforward security practices, like “controlling how privileged access is managed”.

Next, Cameron explained that supply chain organizations must take an approach that ensures their design is “resilient” in the event that a technology supplier is breached. Great example? You guessed it, The SolarWinds attack last year.  For organizations who had SolarWinds installed correctly, the attack was as Cameron puts it, “irrelevant to your network”.

Supply chain leaders are already facing unprecedented challenges and disruptions.

Supply chain leaders are facing new obstacles and challenges with unexpected site closures and a painful industry-wide talent gap that’s fueling continuous delays and shortages across every market. The level of chaos supply chain and operations leaders manage on a daily basis is stunning.

Meanwhile, a recent MicroAge survey found that 52% of IT leaders lack support with cybersecurity services. And many of the attacks on supply chain organizations that have been the most damaging have been possible because team members aren’t always fluent in necessary permission settings and technology infrastructure.

It’s more critical than ever for supply chain leaders to bring in security experts to ensure they are sufficiently protecting their organization and customer data. Leveraging and Managed Service Provider (MSP) for IT consulting and security services can streamline processes and bolster an organization’s security posture while letting supply chain leaders focus on their growing list of day-to-day demands.