
What is a supply chain attack and how can you prepare your business?

04 August, 2022

These days it can seem like there are more ways for cybercriminals to attack your business than minutes in the day, and it’s true that there are myriad ways cybercriminals can cause disruption and financial loss.

Rather than attacking a specific business directly, cybercriminals may opt for other methods, such as supply chain attacks. But what is a supply chain attack, who has fallen victim recently, and how do you protect your business from such an attack? Join us as we share everything you need to know.

What is a supply chain attack?

A supply chain attack is when cybercriminals target third-party companies that businesses deal with, rather than directly targeting the businesses they want to attack.

Even if your business has the highest level of cybersecurity, you could still face major cybersecurity problems if the third-party companies you rely on do not.

There have been some high-profile cases where cyberattacks have targeted supply chains, and SolarWinds is one of the most significant attacks on record.

How was SolarWinds targeted?

SolarWinds is a company that provides Orion, a network and applications monitoring platform. Hackers were able to compromise the company’s infrastructure, which then distributed ‘trojanised’ updates to users.

It was reported that 425 of the US Fortune 500 were customers of SolarWinds, including the US Military, Pentagon and State Department. Additionally, the top ten telecommunications companies and top five accounting firms were also listed as users.

The attack also enabled the hackers to access the network of FireEye, a US cybersecurity firm. This impacted companies and organisations around the world, including governments and telecoms.

One of the reasons supply chain attacks are becoming so prevalent is that they allow hackers to access many companies and organisations rather than just one, as demonstrated in the SolarWinds attack.

How to protect your business against supply chain attacks

Research has found that 55% of security professionals reported organisational breaches involving supply chain or third-party providers in the past 12 months.

With attacks on supply chains hotting up, it’s important to stay protected. There are a number of ways that businesses can boost their protection from attacks, including:

Implement a Zero Trust Architecture

A Zero Trust Architecture assumes that all network activity is malicious, so there are a number of strict policies that must be passed before access to intellectual property is granted.

Install anti-virus software

Installing and keeping your anti-virus software up to date will help to protect your systems in the event of a cyberattack.

Use honeytokens

Honeytokens are traps used to catch cybercriminals. They utilise fake resources to fool hackers into thinking they are accessing sensitive data. An alert will be triggered if a hacker attempts an attack, giving businesses advanced warning that an attempt is being made to access sensitive data.
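
The honeytoken mechanism described above, as an added example in Python that is not part of the original article: fake API keys are minted with a record of where each was planted (for instance in a file shared with one supplier), and a log scan raises an alert when one is presented. The `hk_` key format, the signing key, the function names and the log lines are all assumptions constructed for illustration.

```python
import hashlib
import hmac
import re
import secrets

# Constructed demo secret (assumption); in practice keep it in a secrets manager.
SIGNING_KEY = b"constructed-demo-key"
TOKEN_RE = re.compile(r"\bhk_([0-9a-f]{16})_([0-9a-f]{16})\b")


def _tag(token_id: str) -> str:
    """Keyed tag that lets the scanner recognise genuine honeytokens."""
    return hmac.new(SIGNING_KEY, token_id.encode(), hashlib.sha256).hexdigest()[:16]


def mint_honeytoken(registry: dict, planted_in: str) -> str:
    """Create a fake API key and record where it was planted."""
    token_id = secrets.token_hex(8)
    registry[token_id] = planted_in
    return f"hk_{token_id}_{_tag(token_id)}"


def scan_log(lines, registry):
    """Return one alert per log line that presents a genuine honeytoken."""
    alerts = []
    for line_no, line in enumerate(lines, start=1):
        for token_id, tag in TOKEN_RE.findall(line):
            # Constant-time check rejects strings that only look like a token.
            if hmac.compare_digest(tag, _tag(token_id)):
                parts = line.split()
                alerts.append({
                    "line": line_no,
                    "planted_in": registry.get(token_id, "unknown location"),
                    "source": parts[1] if len(parts) > 1 else "?",
                })
    return alerts


def demo():
    """Plant one token, then scan a constructed log that uses it once."""
    registry = {}
    vendor_key = mint_honeytoken(registry, "config shared with vendor A")
    # Constructed sample log: timestamp, client address, request detail.
    log = [
        "2022-08-04T09:00:01Z 198.51.100.7 GET /api/report key=real_abc123",
        f"2022-08-04T09:02:13Z 203.0.113.9 GET /api/export key={vendor_key}",
        "2022-08-04T09:03:40Z 203.0.113.9 GET /api/export key=hk_0000000000000000_ffffffffffffffff",
    ]
    return scan_log(log, registry)
```

Because each token is tied to a single planting location, an alert also indicates which system or supplier the fake key was taken from.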

Restrict access to sensitive data

Good access management can make a big difference to protecting businesses. Ensure that only the employees who absolutely must have access to sensitive data to perform their role have access. The more accounts with privileged access, the more accounts hackers can target.

Training employees

Hackers will often try to exploit human errors such as poor password management, or trick employees into clicking dangerous links. Having a high-quality cybersecurity training programme is key to creating a culture of cybersecurity awareness in employees.

Training solutions that are engaging and relate to the employee’s own role and tasks are more effective than the standard off-the-shelf training courses.

Bob’s Business provides cybersecurity training that not only helps employees recognise threats, but also understand what to do in the event of an attack to minimise the consequences.

Our unique Human Vulnerability Assessment tool can help you determine your business’ cybersecurity blind spots.

Join us in driving meaningful change around cybersecurity by discovering more about how our training solutions can protect you. Book a demo now.
