Supply chain attacks awareness tips
Hear from our tech team on how to enhance your awareness of supply chain attacks and safeguard your business proactively.
Supply chain attacks, once considered a rare occurrence, have now become a persistent threat that poses a significant risk to businesses worldwide.
We recently asked our tech team about the common mistakes companies make that put them at risk of such attacks. But it’s not all doom and gloom! We’re here to arm you with the knowledge and strategies to defend against these threats.
Read what our tech team had to say about supply chain attacks…
“Are the staff well-trained? Do they utilise password managers? Are they well-versed in personal security and ensure MFA is enabled everywhere? You could have all the bells and whistles of security implemented for staff and technology, but it takes just one contractor’s login—where MFA isn’t enabled and a weak password, shared throughout the third-party company—to create a gaping hole in your network.”
Zak Clifford, Senior Penetration Tester
“Supply chain attacks are typically orchestrated by state actors or APTs with ample resources, often timed strategically during events like Christmas or Chinese New Year when people are relaxed and their guard is down. During my time managing networking at an MSP, I found myself dealing with the aftermath of incidents like log4j and SolarWinds breaches during Christmas and bank holidays, across numerous companies. The repetition and panic from staff became exhausting.”
Ned Roscoe, Junior Security Analyst
“A supply chain attack like the recent XZ Utils breach, CVE-2024-3094, underscores the fragility of digital trust. It’s a stark reminder that security is everyone’s concern, especially in open-source communities. This incident highlights how a simple oversight can endanger critical systems, stressing the need for constant vigilance and collaborative cyber security efforts.”
Punit Sharma, Penetration Tester
“Supply chain attacks breach multiple organisations via suppliers’ networks. To protect your organisation, consider including limiting network access, multi-factor authentication, network segmentation, monitoring solutions, source verification, securing update servers, software inventories, vendor security assessments, and endpoint detection.”
Soham Bakore, Security Consultant
“These attackers exploit vendor vulnerabilities, granting access to networks, compromising privacy, and disrupting operations. Stay proactive: monitor third-party software installations, integrate your supply chain into cyber management, and control critical data access. Ensure vendors properly delete data post-contract termination to mitigate security risks.”
Chahat Mundra, Cyber Security Analyst