What is a Supply Chain Attack?

A supply chain attack damages an organisation, an individual sector or an entire industry by targeting and attacking the less secure elements of a supply chain. Most commonly, the targets of these supply chain attacks are small businesses that provide a product or service to larger companies. The bigger the organisation or the industry it is in, the larger and more complex its supply chain often is. Many organisations have a very limited overview of their supply chains, usually as a result of their size. It’s this lack of visibility and control that makes the supply chain such an attractive and easy target for malicious attackers.

Supply Chain Attacks Are Increasing, Why?

As we enter the new decade, it is evident that supply chain attacks are increasing. Some of the primary reasons for the increase are highlighted below:

  • Difficulty in detecting supply chain attacks – Since most supply chain attacks take place by adding a backdoor to legitimate and certified software, they are rarely detected by an organization’s cybersecurity defences. Many security teams don’t usually anticipate that their software could be made a target during the development stage, something which attackers are well aware of and ready to capitalize on. It is often the case that when a large-scale vendor discovers an attack, they may be reluctant to disclose it, fearing that their reputation would be damaged.
  • The business behind supply chain attacks – In recent years, huge data breaches have occurred, revealing personally identifiable information, credit card numbers and bank account details. The supply of data from supply chain attacks now exceeds the demand, ultimately bringing down the value of the information.
  • Creative Attacks – With defenders cutting off easy routes to malicious activities, attackers have been forced to become even more creative in how they attack enterprises. They now see supply chain attacks as an easy opportunity to infiltrate soft targets. When malicious attackers breach trusted applications, contractors and suppliers, it opens the door to a stealthy way to compromise much larger organizations.