Stop hackers leapfrogging your supply chain

posted by Barry Kukkuk
4 November 2019

Global cyber crime is on the increase, and it is predicted that damages will be up to $6tn annually by 2021.

Criminals today are moving away from “traditional” robberies as cyber crime offers higher rewards, and there is less chance of getting caught. They don't need to concern themselves with leaving behind DNA at the crime scene, and they can target multiple victims at the same time.

Rest assured that someone will fall into the trap. Advances have been made over recent years in detecting where a cyber attack originates. However, cyber crime is still a lot easier to get away with, and the criminal is guaranteed not to face the potential physical harm that traditional robberies often bring.

Computers and networks are being targeted at a rate of one attack every 39 seconds, according to a recent report from the University of Maryland. Companies and individuals across the board need to be more alert, but those in a supply chain need to be that much more vigilant. It's no longer only about your in-house security measures: you now need to worry about the security systems that your suppliers and customers have as well.

Take a look at just how many of your daily tasks are outsourced to another business. Does this business have access to your data? Do you have contracts in place that stipulate how, when, where, and with whom these companies can use and share your data? Do you know what cyber security measures these companies have in place before you give them access to your data?

SMEs are usually a good place for a cyber criminal to start. SMEs often don't have the knowledge, resources, or budget to implement security systems, or they think they are safe: “Why would anyone attack my SME when there are far bigger fish to fry out there?”

The problem is that cyber criminals use the SME to infiltrate the supply chain and then play “leapfrog”, jumping from system to system in the hope of gaining access to the big fish, where they can either expose sensitive information or manipulate operations in the supply chain.

No security system is 100% cyber proof, but if you at least have something in place, the cyber criminal would far rather move on to an easier target than try to gain access to your system. Anything is better than nothing. Start by protecting your own data centre first and foremost. Then move outward and look at all third parties in your network to ensure that this next layer of security is in place.

Investigate all your third parties’ security systems to see how they would handle and recover from a cyber attack. Make sure that you have access to your vendors' security procedures in all areas of their business: IT, human resources, legal, and operational/procurement. Understand each vendor’s importance in your supply chain to determine the level of each one’s risk. Set expectations by entering into contracts with each vendor and follow up regularly to assess performance. Cancel contracts with suppliers that don’t or won’t comply with security measures.

Your suppliers and their employees are an extension of your business. A cyber attack can affect many companies within a supply chain, so it’s in the best interest of all stakeholders to work together to have robust processes, policies, and procedures in place. Running regular anti-malware scans and blocking malicious-looking IP addresses is a good start, but very often our employees are our weakest link, so educating every person within your business, as well as within your third-party supplier businesses, is equally essential. Train them to identify possible threats to your systems and to report anything peculiar to your IT team ASAP.

☛ Barry Kukkuk is chief information officer at Netstock
