Cyberattacks on the Rise & Threatening the Links in Your Supply Chain

Cyberattacks on the Rise & Threatening the Links in Your Supply Chain

Over the years, supply chain networks have been fiercely driven by technology. And as a response to the coronavirus pandemic, organizations of all sizes and across industries accelerated their digital transformation to adapt to the operational needs of remote workforces and customer expectations in a physically distanced world.

This fast-growing technology transformation brought a significantly increased occurrence of cyberattacks, with supply chain networks being particularly vulnerable to attacks.

Globally, supply chains are under immense and unprecedented amounts of pressure from many different directions, which is why they are a prime target for malicious actors. Additionally, the technology that makes supply chains faster and more efficient also threatens their cybersecurity. Because technology and supply chain are so intertwined, discussions about supply chain recovery need to include cybersecurity and risk management, focusing on mitigating supply chain attacks.

Supply Chain Attacks

Supply chain attacks are a type of cyberattack that target trusted third-party vendors with access to systems and data that offer vital services or software to the supply chain. This has dramatically changed the attack surface for companies because, more than ever before, suppliers and service providers are touching sensitive data. Supply chain attacks have historically been referred to as attacks against trusted relationships.

However, software supply chain attacks are becoming a greater concern. A software supply chain attack occurs when an attacker injects malicious code into an application to infect all app users. Software supply chains are very vulnerable because most modern software involves many off-the-shelf components, such as open-source code, code from software vendors, or third-party APIs. According to a 2021 study by GitHub, the average software project has 203 dependencies. If an application includes any compromised dependencies, every business that downloads the app becomes compromised.

Statistics

• In 2021, CrowdStrike surveyed 2,220 IT decision-makers, and 84% responded that software supply chain attacks could become one of the biggest threats to their organizations within the next three years.

• The 2021 CrowdStrike Global Security Attitude survey also found that only 36% of respondents vetted all new and existing suppliers for security purposes in the previous 12 months. Additionally, 45% of respondents’ organizations experienced at least one software supply chain attack in 2020, compared to 32% in 2018.

• An estimated 66% of supply chain breaches are a result of supplier or third-party vulnerabilities.

• Over 60% of data breaches are caused by simple oversights, like failing to patch software.

Supply chain attacks are becoming more common as a response to companies hardening their digital environments. As we know, there are many different points along a supply chain, and there’s a good chance that there’s a vulnerability somewhere along the way. When these vulnerabilities are exploited, all other parties in the chain are in harm’s way. With enterprises becoming more reliant on outside providers, this problem is only likely to get worse. And no industry is safe. The oil, government, manufacturing, and financial institutions have all been shown to be at risk.

For example, take the SolarWinds supply chain attack in December of 2020. This complex attack injected malicious code into a software’s build cycle and infected about 18,000 customers, including government agencies and major firms protected by leading cybersecurity tools and services. The Colonial Pipeline hacking attack also made headlines by interrupting fuel supply to the southeastern United States for a week. This attack set off a chain reaction of panic buying, price hikes, and gas shortages, proving just how disruptive and tangible a supply chain cyberattack can be.

With the supply chain already in such a precarious position due to underlying economic changes and labor shortages, companies and their suppliers need to find ways to better manage the risk of supply chain attacks. Organizations should vet the cybersecurity posture of their supply chain partners on an ongoing basis in addition to performing internal cybersecurity assessments. Businesses suffer when they’re unable to meet customer demands due to supply chain interruptions and might not be able to survive the fallout.

Connect with your broker to discuss your cybersecurity risk strategy to help protect your business and better position your business to underwriters.

Disclaimer

This material has been prepared for informational purposes only and was generated from information provided to BKS from the client and/or third-party sources. Therefore, BKS makes no warranty or representation(s) as to the accuracy or appropriateness of the data and/or the analysis herein. This information is not intended to provide, and should not be relied on for, tax, legal, or accounting advice. You should consult your tax, legal, and accounting advisors for those services.

No Comments yet!

Table of Contents

Recents Post
March Pulse webpage
March 2024 Pulse Newsletter
Slip Trip Fall
Slip, Trip, and Fall Prevention
2023 State of the Market Mid-Year Report
State of the Market 2024 Outlook

This document is intended for general information purposes only and should not be construed as advice or opinions on any specific facts or circumstances. The content of this document is made available on an “as is” basis, without warranty of any kind. Baldwin Risk Partners, LLC (“BRP”), its affiliates, and subsidiaries do not guarantee that this information is, or can be relied on for, compliance with any law or regulation, assurance against preventable losses, or freedom from legal liability. This publication is not intended to be legal, underwriting, or any other type of professional advice. BRP does not guarantee any particular outcome and makes no commitment to update any information herein or remove any items that are no longer accurate or complete. Furthermore, BRP does not assume any liability to any person or organization for loss or damage caused by or resulting from any reliance placed on that content. Persons requiring advice should always consult an independent adviser.

Baldwin Risk Partners, LLC offers insurance services through one or more of its insurance licensed entities. Each of the entities may be known by one or more of the logos displayed; all insurance commerce is only conducted through BRP insurance licensed entities. This material is not an offer to sell insurance.

Get in contact with an advisor today to see how BKS can support you.