Companies throughout the world are vulnerable to cyberattacks that could compromise supply-chain operations. How can they stand resilient against potential supply-chain disruptions?
A Growing Problem
Supply-chain attacks against companies worldwide increased 51% between July and December 2021, according to research from the firm NCC Group. The firm surveyed 1,400 cybersecurity leaders at organizations across 11 countries. Only a third (32%) of those surveyed believed they could respond quickly and effectively to a supply-chain breach.
Managing third-party risks is one of the biggest challenges they face in their cybersecurity fight. Many survey respondents revealed there is confusion over which party—their organization or their vendor—is responsible for preventing, detecting, and mitigating supply-chain risk. Half of them (53%) said responsibility is equally split.
Recently, everyone was talking about pandemic-related supply-chain shortages and disruptions. Items ranging from raw materials and food to technological components and finished goods were impacted by supply-chain problems. The global chip shortage especially brought to light how widespread and problematic supply-chain disruptions could be. Semiconductor chips are used for a wide range of car functions, and the shortages shut down automotive production lines throughout 2020-2021.
Strengthening Technology and Security
Supply chains face broad impacts if certain technology and services are compromised. Commonly used third-party software is a target for cybercriminals. Forty-nine percent of commercial codebases use open-source components that have high-risk vulnerabilities, according to an audit by Synopsys.
Meanwhile, nation-states are increasingly engaging in practices to target supply-chain vulnerabilities. These attacks can be devastating for small and midsize businesses. Some 60% of small businesses that suffer a cyberattack go out of business within six months, reports the National Cyber Security Alliance.
Further support against supply-chain threats is coming from the U.S. government. A recent executive order from the Biden administration requires all technology vendors that contract with the federal government to publicly release a software bill of materials (SBOM). This adds transparency to the software supply chain. An SBOM is a written record of the “ingredients” that make up a software product, provided to anyone building, buying, or operating that software.
How Businesses Can Avoid Supply-Chain Attacks
As companies realize that supplier risk is a major challenge, they will take action to prevent supply-chain attacks. Increased investment in cybersecurity has become a priority.
The security decision-makers surveyed in the NCC study broadly agreed that security budgets were expected to increase by an average of 10% during 2022 to help avoid the risk posed to supply chains around the world.
It is important that investment in security addresses how to prevent, detect, and resolve attacks. Companies should also strive to become more confident in their relationships with suppliers—addressing any loose controls.
Here are other ways organizations can reduce the number of risks to their supply chains:
- Threat detection—stay informed and quickly react to threats that may impact the organization.
- Cybersecurity reviews and assessments—conduct in-depth assessments of the ability to protect systems, networks, and information from the impact of cyber threats.
- Security training—educate employees to recognize common cyber threats.
- Test infrastructures and applications—examine hardware and software to uncover potential risks that target infrastructure.
By reducing the risks that are rooted in supply chains, organizations can save massive amounts of time and money.
Protect Organizations from Cyber Threats
Choose William Woods University’s Bachelor of Science in Cybersecurity degree program, which is designed to prepare students to protect information in the face of hackers and growing cybersecurity threats.