Supply Chain Cyber Attacks Are On the Rise: How To Protect Your Company


When it comes to cyber security, things are always changing, and technology is always growing or improving in one way or another. As a result, cyber attacks have been on the rise, and they can be particularly threatening to supply chain businesses. These supply chain cyber attacks can cause a number of problems for a company, and the damage can extend beyond the company itself.

So why are supply chain cyber attacks causing more and more concern among businesses? Because they keep increasing in frequency and in severity. Consider that:

  • There was a 42 percent increase in supply chain attacks in the first quarter of 2021 (CIPS).
  • Supply chain attacks hit three in five businesses in 2021 (CSO Online).
  • A whopping 97 percent of businesses were impacted by a supply chain breach and 93 percent suffered a direct breach due to a supply chain’s vulnerability in 2021 (BlueVoyant).
  • More than half of businesses (52 percent) have had a supply chain organization hit by ransomware (Trend Micro).

These statistics continue to rise in 2022, with Sonatype predicting a 700 percent increase in repository attacks over the last three years.

These attacks can happen to any business at any time. If you are not prepared and protected, your business could suffer a breach through its software, and your providers of goods and services could be compromised for days as a result of the attack.

To keep your business safe and secure, you should learn about the risks of cyber attacks to your supply chains. It is also important to have a plan on how to protect your business should your supplier’s security be breached. 

5 Tips to Lower the Risk of Losses From a Supply Chain Attack 

1. Identify Any Risks With Your Suppliers

Learn about any risks to your business if your supply chains are breached or hit with ransomware (the most common attack on supply chains). Start by making a list of all of your suppliers, whether they provide goods or services. This list includes not only vendors of materials and supplies your company uses or sells, but also any cloud services. You will need to carefully review each vendor to identify any risks or threats in their cyber security.

2. Create Minimum Security Requirements

Come up with a list of minimum security requirements that each vendor must follow in order for your company to do business with them or use their products and services. It doesn’t have to be complicated or unique. You can even use an already existing data privacy standard. The goal is to ensure that your supply chains take the proper precautions to protect not only their own company, but also anybody they supply to. 

3. Complete a Vulnerability Assessment 

If any of the software you use had a vulnerability that a hacker used to their advantage, how much risk would your system be in? Do you have an application in place that will apply updates to your software as soon as possible? You must be knowledgeable about your risk.

If you haven’t had an IT security assessment in a year or more, it is important that you get one. If your supply chain is hit with ransomware or a security breach, an assessment can show how effective your software is at ensuring the attack does not reach you. Request a vulnerability assessment.

4. Always Have Backup (That Includes Backup Vendors)

If you have only one supplier for your materials, it is much more likely that your business will be impacted if that vendor is compromised. To ensure that you have access to the supplies you need, have two suppliers in place. That way, if a cyber attack takes down one of them, your business doesn’t have to be left in the dust. 

A good example is your internet provider. Most businesses would in no way be able to operate if they did not have internet access. With a backup service in place, the entire business doesn’t have to go down when your main internet service provider goes down.

Having a backup in place for all of your suppliers can bolster protection for your business.

5. Always Have Cloud Backup

Some people assume that because they use Microsoft 365, Google Drive or other cloud services, their data is backed up. This is not necessarily the case. The Microsoft service agreement states: “We recommend that you regularly back up your Content and Data that you store on the Services or store using Third-Party Apps and Services.” The same is true for any cloud service your business uses.

You should back up all of the information you store on cloud services to a separate platform. This ensures that you will still have access to your information in the case of a cyber attack on your main cloud.

Examples of High-profile Supply Chain Cyber Attacks

Still not convinced that your business is truly at risk of these cyber attacks? Here are some examples of high-profile attacks that caused significant issues for the companies and their partners:

  • Colonial Pipeline: This gas pipeline was shut down for close to a week after it was hit with ransomware. 
  • JBS: One of the world’s largest suppliers of beef and pork products was shut down for multiple days in more than three countries after a ransomware attack. 
  • Kaseya: This software company was hit with ransomware that managed to reach about 1,500 of the IT businesses that use their products. 

Don’t Go IT Alone

We know that it can be extremely stressful to wade through the latest cyber security risks and figure out how you are going to protect your business. That is what we are here for. Contact us or book a consultation so we can help keep you and your business safe. 

Dave Hatter

Dave Hatter (CISSP, CCSP, CCSLP, CISA, CISM, PMP and ITIL) is a cyber security consultant, writer, educator and on-air media contributor. See hundreds of Dave’s expert interviews on cyber security on his YouTube channel, or tune in to 55KRC every Friday morning at 6:30 for his “Tech Friday” segment.
