Cyberattacks are dangerous, but the particularly devastating ones are those that recently targeted supply chain companies because not only companies themselves but also their clients suffered significant financial losses. This has been clearly shown in 2021 when we’ve seen several attacks on the supply chain companies occur that had wide-reaching consequences, going far beyond the company that was initially breached. 

Some recent high-profile examples of supply chain attacks you may have heard of are:

  • Colonial Pipeline: A ransomware attack that caused a major gas pipeline to be shut down for almost a week, costing owners 5 million dollars just to pay the ransom.
    You can check out our article about the “Colonial Pipeline Attack” and what Canadian companies can learn from it.
  • JBS: The world’s largest supplier of pork and beef products was hit with ransomware, causing production plants in three countries to shut down for several days.
  • Kaseya: This software company had its code infected with ransomware, which spread itself to IT businesses that used its products as well as 1,500 of their small business customers.

Do you need to be worried about supply chain attacks that already happened? Yes, because the number of attacks has been growing and is expected to continue to grow in the future.

Supply chain attacks rose by 42% during Q1 of 2021. And surprisingly, 97% of companies have been impacted by a breach in their supply chain, while 93% suffered a direct breach as a result of a supply chain security vulnerability.

Even if your cybersecurity is top-notch you still can be impacted by a breach of a company you partnered with. It can be a software company whose products you use or a service/goods supplier who is vital for your business operations.

So, as part of any good business continuity and disaster recovery strategy, you should look at supply chain risks in light of the current ransomware attacks as well as an increase in cyberattacks overall.

HOW CAN YOU MITIGATE YOUR SUPPLY CHAIN RISKS?

Cybersecurity Vaughan

STEP 1. IDENTIFY YOUR SUPPLIER RISK

You can’t fix things if you don’t know what exactly is broken. So, you need to begin by looking closely at your risks should one of your vendors get hit with ransomware or any other type of cyberattack.

List all your vendors/suppliers, for both goods and services. This includes everything from the cloud services providers to the company that sends you office products to any raw materials supplier you work with.

Review your list to identify the cybersecurity risks of each company. If you don’t have a complete in-house IT team then this is something you’ll probably have to outsource to an IT partner like EB Solution. We have more than a decade of experience in cybersecurity and has helped many companies to review their vendor’s security.

STEP 2. CREATE SECURITY REQUIREMENTS FOR DIGITAL VENDORS

Data Protection Canada

It’s generally a good idea to come up with some minimum security requirements that you can use as a benchmark when choosing a vendor. One way to make this easier is to use an existing data privacy standard as one of the requirements.

For example, if a vendor is GDPR compliant, then you know they had to adopt several important cybersecurity standards that protect their as well as your business from cyberattacks.

STEP 3. DO AN IT SECURITY ASSESSMENT

If the software you use had a vulnerability that was exploited, how much does that put your IT system at risk? Do you have a regular patch application strategy? Who is responsible for ensuring your software updates are applied right away?

It’s considered a good practice to do an IT security assessment at least once a year. It will help you identify how strong your systems would be at preventing a data breach or ransomware infection, and what should be done to protect your systems if your digital supply chain vendor gets breached.

STEP 4. PUT BACKUP VENDORS WHERE POSSIBLE

If you have a single supplier for a specific part needed for your product then you’re at a much higher risk of downtime than if you had two or more suppliers of that part.

If a key vendor of yours can’t fill orders for a week or more, how dangerous is it for your business? These are some of the things you want to consider when setting up backup vendors/suppliers.

For example, most companies nowadays would consider themselves down without their internet connection. So, having a backup internet service provider(ISP) can help you avoid lengthy downtime if your main ISP goes down.

Look at putting this type of safety net in place for all possible vendors.

STEP 5. ENSURE THAT DATA KEPT IN CLOUD SERVICES IS BACKED UP

Data Security Toronto

In its Services Agreement, Microsoft recommends that customers back up their cloud data. Their policy states, “We recommend that you regularly backup Your Content and Data that you store on the Services or store using Third-Party Apps and Services.”

You should have a backup, on a separate platform, of all data that you store in cloud services. This way you’ll be protected in case of a ransomware attack or other data loss incident.

SCHEDULE A SUPPLY CHAIN SECURITY ASSESSMENT

Don’t be ignorant about your risks. Schedule a supply chain security assessment to learn where you could be impacted in the case of a cyberattack on your supplier or vendor.

EB Solution is a leading IT service provider in New York City. Our services include small and medium-sized business IT consulting, cybersecurity, networking, business continuity, and managed IT services.

Watch Our Latest Tech Videos From EB Solution

Call Now