A supply chain attack is a cyber attack that targets the weaker links in a supply chain network, such as third-party vendors whose cybersecurity may not be as robust as that of the original target. In recent years, cyber attackers have been attacking supply chains much more frequently than before. According to research in the US, supply chain attacks rose by 42% in the first quarter of 2021. This steady increase in supply chain attacks affected around 7 million people.
The Identity Theft Resource Center (ITRC) analyzed publicly reported data breaches in Q1 and found that 137 organizations reported being affected by supply chain attacks at 27 different third-party vendors. This is in comparison with 19 third-party vendors in the previous quarter – a steady rise in attacks that can be partly attributed to the work-from-home policies in most organizations, which significantly decrease the security measures available to companies and employees. The research also concluded that cyber attacks were increasing by 12% quarter-on-quarter but the number of individuals affected by each breach increased by 564%.
These data compromises included some very high-profile cases such as the attack on Accellion’s File Transfer Appliance (FTA) which impacted other organizations like Shell, the Reserve Bank of New Zealand, Bombardier, and Kroger. Shell said that it had launched an investigation to look into the breach and that the research thus far showed that an unauthorised party had gained access to personal data files and other sensitive data files from Shell and some of its stakeholders.
According to the annual report by the FBI on internet crime, the top issue for businesses as well as individuals in 2020 was phishing. A staggering $1.8 billion in business losses was reported as a direct consequence of phishing.
Eva Velasquez, the CEO of the ITRC, said that even though the number of data breaches had increased slightly, the increase in the number of supply chain attacks was significant and troubling. She said that this increase in supply chain attacks, phishing, and ransomware was signalling the fact that there was a broader criminal trend of exploiting organizations through a single point of attack. She also emphasized that the most important way that people and organizations could protect themselves was through good cyber hygiene.
Now, in 2021, it is crucial for organizations to have the right security measures in place to guard against cyber attacks and also to educate their employees on the vulnerabilities that are present within the system and how to overcome them. It is also extremely important for organizations to understand the security measures implemented by their vendors and suppliers, because a cybersecurity system is only as strong as the weakest link in its supply chain.