supply chain

In today's post we are going to talk about supply chain attacks. But before going into detail…

What is a supply chain?

A supply chain is a set of interconnected actors that delivers certain resources from their origin to the final consumer.

Each supply chain is different. The phases or links will vary depending on which sector the company operates within.

How is a supply chain attack executed?

In an attack on the supply chain, the hacker takes advantage of information exchanged between the different links.

To do this, the hacker infiltrates the systems of a certain link (a provider). Once inside, the hacker seeks either to access information stored in the provider's systems or to use those systems as a gateway to the network of the organization with which the provider collaborates.

The increasing popularity of this type of attack is due to the fact that, in general, there is always some link whose security measures are weaker. Its security perimeter is therefore easier to bypass, which makes it a very attractive gateway to the target company.

In addition, on many occasions, suppliers or service companies do not collaborate with a single company but with several, so that, with a single attack, an exponential effect can be achieved.

According to a study conducted by the Ponemon Institute:

  • 59% of respondents confirm that their organization experienced a data breach caused by a third party.
  • 22% do not know if there was any data breach or not in the last 12 months.
  • Only 15% say their company knows how the third parties with whom they collaborate access and process their information.
  • 76% of respondents say that the number of cybersecurity incidents involving providers is increasing, but only 46% of respondents say that managing the risks of third-party relationships is a priority.

Supply chain attack examples

Two of the best-known examples of this type of attack are the Equifax case and the famous case of the Panama Papers. In both cases, a collaborating company was blamed for the leak.

The consequences of this type of attack can range from the loss of confidential company or customer information to large fines, the interruption of the manufacturing process, or damage to the company's reputation.

Would the same thing happen with RITech, our web isolation technology?
