Cyber-security industry sources estimate that 2021 will see four times as many supply chain attacks as in 2020. (helpnetsecurity.com/2021/08/04/supply-chain-attacks-multiply/)
These attacks can adversely impact firms and organizations, not only in terms of direct financial loss but also in severe disruption to their systems and operations, as well as long-term damage to their reputations.
Therefore, businesses must ensure that their cyber-security is as watertight as possible, including protecting against attacks on the firms involved in their supply chain, all of which are vital for successful and profitable operations.
How Bad Actors Are Attacking Supply Chains
The term “supply chain attack” covers a wide range of criminal activities.
The physical theft of finished goods or raw materials, or the disruption of transport networks, for example, may badly disrupt the operations and profitability of manufacturers and retailers further down the chain.
The IT sector is an obvious target for cyber-criminals, but any industry with a complex supply network may also provide an opportunity for illicit profits. Bad actors are therefore increasingly focusing on the oil and energy industries, pharmaceuticals, and large retailers, to name but a few.
There have been numerous high-profile attacks, but it’s worth noting that the vast majority of all supply chain attacks were against smaller firms.
Typically, cyber-criminals will use computer worms, Trojans, ransomware, and other malware to steal customer data or disable suppliers’ key operating systems pending a ransom payment.
The direct financial and reputational consequences for all firms in the supply chain can be enormous, so it is essential that every one of them take steps to mitigate its risk. The United States Counter-Intelligence and Security Center (NCSC) recommends the following steps:
More generally, it is wise to keep supply chains as small as possible, focus on staff training, and ensure that all software is kept up to date and patched as necessary.
Why Supply Chain Attacks Are Set to Increase
All of these measures are essential precautions, but they may not be enough. The growth in remote working, accelerated by the COVID-19 pandemic, the advent of 5G and the Internet of Things (IoT), and a shortage of cybersecurity expertise (varonis.com/blog/cybersecurity-statistics/), all mean that the current rapid rise in the incidence of supply chain attacks is likely to continue or even intensify.
The Importance of Cyber Insurance
This is why a well-designed cyber-insurance program, sitting alongside and in support of the necessary mitigation measures, is a vital precaution.
Such a program will not only provide direct compensation for any ransomware losses, but it can also cover losses generated by third-party providers, loss of earnings due to business interruption, and many additional expenses incurred as a result of an attack.
INSUREtrust has been a pioneer in cyber insurance since 1997 and has developed ground-breaking policies to protect businesses against crime and cyber liability. We have also developed a comprehensive risk management platform of services to assist our insureds in remaining or becoming insurable in today’s hardening cyber insurance landscape. Learn more about protecting your clients’ assets at insuretrust.com.