Many companies entrust third parties with access to their data and systems but if they haven’t implemented the right cyber security measures, they could put a company at risk of a serious breach.
The increasing connectivity between businesses means cybercriminals are continuously finding new ways to infiltrate company networks. If there is a vulnerability somewhere in the digital supply chain, the chances are a hacker will be able to uncover it.
Cybercriminals target supply chains to reach as many victims as possible in a single hit. As supply chains can be large and complex, it can be difficult to know if you have sufficient protection in place. An increasing number of organisations are suffering cyberattacks via their supply chains or via their providers of IT services. This is largely because attackers are able to take advantage of customers’ trust in their suppliers and exploit digital vulnerabilities.
What is a supply chain cyberattack?
A supply chain cyberattack occurs when threat actors access a company’s network via suppliers or a third-party provider (the ‘digital supply chain’). Because the third party has been given permission to use areas of the company’s network, applications or sensitive data, an attacker can gain access to these areas too if they are able to penetrate the third party’s defences. The distribution of malware (malicious software) is a common result of a supply chain attack.
Why are cyber-attacks on supply chains becoming more common?
The role of managed service providers (MSPs) in providing IT services (such as security monitoring and digital billing makes) them attractive targets for cybercriminals. Cyberattacks on supply chains are becoming more common as they enable threat actors to target larger numbers of victims all at once, i.e., an attack on one business may give access to hundreds – or even thousands – of their customers.
Kiwi businesses increasingly vulnerable to cyberattacks
Recent research released by Kordia showed large Kiwi business are being significantly impacted by third-party cyberattacks. According to its 2023 survey, respondents reported cyber incidents associated with supply chain partners accounted for 28 per cent of all attacks, which was second only to phishing.
Peter Bailey, Regional Cyber Security Business Manager at Kordia noted that businesses can’t afford to operate with a blind spot around their supply chain partners. “They need absolute clarity around what third parties have access to, and the layers of security that exist around that access,” he said.
How to strengthen your digital supply chain
It is important for organisations to work with their suppliers to identify potential supply chain risks and ensure appropriate cybersecurity measures are in place, and all suppliers should be incorporated into your organisation’s security verification.
Endpoint Detection and Response (EDR) can play a vital role in protecting your organisation from supply chain attacks as it continuously monitors endpoint activity to let you know when an attack has occurred, its attack path and the actions it took. An integrated approach to cybersecurity - combining key EDR with anti-virus software and Two-Factor Authentication - can further strengthen your defences.
How Gallagher can help
As cyber insurance experts, we work with you to understand and manage your exposure to potential cyber risks and arrange the appropriate cyber cover. It is also important to regularly review business risks with your broker to ensure ongoing protection from increasingly active, sophisticated and successful cyber criminals.
For more information please contact your Gallagher broker.
Expert: Claire Haszard
The views expressed in this content are those of the author, who is also responsible for any errors and omissions. Family Business Association provides this article for your information only. The content of the article should not be taken as advice. If you wish to explore this topic, please consult an advisor who you consider to have the expertise to provide specific advice in relation to your family business.