ENISA warns businesses to improve supply chain security.

Supply chain cyber attacks to ‘quadruple’

3 August 2021

 


Cyber attacks on supply chains are on the rise with no signs of stopping, warns the European Union Agency for Cybersecurity (ENISA) in a report.

Strong security protection is “no longer enough” it said and added that cybersecurity incidents are expected to increase four-fold this year compared to 2020.  

The report, Threat landscape for supply chain attacks, examined infiltrations over the past 12 months and found that in 66% of cases attackers had targeted a supplier’s system code, while 20% targeted data, and 12% had focused on internal processes.  

While malware was the most common method used, accounting for 62% of incidents, two-thirds of attacks on customers took advantage of trust in their suppliers.  

It said a common mistake is trusting that prompts to allow automatic software updates and system backups are from genuine suppliers. But it also argued that accepting that policies and system certificates are in place without performing checks would introduce vulnerabilities.

This, it said, highlights the need for businesses to take greater action such as validating third-party code and software to ensure they have not been tampered with or manipulated.  

When it came to sharing information, in 66% of incidents suppliers did not know or were not prepared to disclose how their systems had been compromised, while 9% of customers had no knowledge of how they had been compromised. 

Cyberattacks on supply chains are becoming increasingly common as they enable criminals to target larger numbers of customers at once, resulting in a more “widely propagated impact”. 

As a result, ENISA is calling for coordinated action to be taken at EU level to tackle the issue.

“Due to the cascading effect of supply chain attacks, threat actors can cause widespread damage affecting businesses and their customers all at once,” said Juhan Lepassaar, executive director at the EU Agency for Cybersecurity.

These “far-reaching consequences” may be due to “increased interdependencies and complexities of the techniques used”, the report stated.

“Organisations need to update their cybersecurity methodology with supply chain attacks in mind and to incorporate all their suppliers in their protection and security verification.” 

It also recommended that companies establish strict cybersecurity practices and ensure their infrastructure used to manufacture and deliver products adheres to these, and advised companies to monitor security vulnerabilities and maintain inventories of cyber assets.
