
Supply chains of critical industries vulnerable to cyber attack
Customers advised to ask questions to make sure those they work with are aware of risks and have taken steps to fend off threats
Managed service providers are all too aware of cyber criminals gunning for them to access larger targets across the supply chain, but a number of customers appear to be unaware of the risks coming from those they choose to work with.
One concern highlighted is that some of those running industries viewed as critical to society are among those that lack visibility of the levels of security across their supply chains.
Findings from DNV Cyber research indicated that only around half of the professionals working in critical infrastructure felt confident that their firms had full visibility of the security vulnerabilities their supply chain exposes their business to.
Slightly more than a third also believed that criminals might have already infiltrated their supply chain without suppliers letting them know of the breaches.
Auke Huistra, director of industrial and OT cyber security at DNV Cyber, said suppliers could expect informed customers to ask them about their security credentials and be prepared to comply with industry standards.
“You can’t secure what you don’t know,” he said. “Organisations need to better understand the vulnerabilities in their supply chains, employing approaches that provide greater oversight of suppliers. To strengthen supply chain security, they should better address cyber security requirements in procurement and supplier contracts, increase focus on security in the design of processes and assets, and involve cyber teams earlier in projects.”
The research also uncovered concerns among many IT professionals about levels of staff training, with a large number expressing doubts that their colleagues were up to speed on the latest threats. “In critical infrastructure industries and OT environments, the consequences of a breach can be particularly severe: for national security, society and the economy,” said Huistra. “All organisations need to secure their supply chains.”
Transparency and collaboration
Huistra called for more transparency and collaboration across supply chains to reduce the danger of undeclared breaches.
“Vendors and suppliers can be game changers in enhancing security,” he said. “It is important that asset owners set requirements for suppliers based on their company’s risk profile and regulation, but also check on the actual implementation of those requirements. Cooperation along the supply chain is crucial, including information sharing about vulnerabilities and incidents.”
Last month, Acronis shared its Cyberthreats report, H2 2024: The rise of AI-driven threats, which underlines the volume of threats MSPs are trying to fend off, with a 197% increase in detected threats in the latter half of 2024 compared with the same period in 2023, and a 21% rise in attacks per organisation.
Email attacks on MSPs increased, with phishing the preferred attack vector for those trying to attack channel partners. There were also attempts to target vulnerabilities in remote access tools such as Microsoft Remote Desktop Protocol.
MSPs were also victims of a rising volume of advanced persistent threat attacks, often originating from ransomware groups looking to cause problems for partners.
The Acronis findings underline that attacks on MSPs are not opportunistic, but are part of a determined effort to enter supply chains to unlock high-reward targets.