Assured Cyber Protection (ACP)
Partner Content
This content was paid for by Assured Cyber Protection (ACP) and produced in partnership with the Financial Times Commercial department.

Three ways hackers can hit via your supply chain

Your company systems may be secure, but cyber criminals could still cripple your business via the supply chain. Here’s how

Cyber security chiefs are usually tasked with securing digital corporate assets. But what about systems beyond corporate borders? Hackers can damage a company via its supply chain in three ways.

ATTACK STRATEGY 1: BREAK THE CHAIN

If your supply chain systems do not work, then neither can your business.

How: Hackers target systems or infrastructure used to facilitate the movement of goods and services between suppliers and their customers.

Why: Individual companies in the supply chain might have solid security but the links between them may be relatively exposed.

Example: Over three hours on a tranquil Sunday morning in May 2016, people took ¥1.8bn ($18mn) of cash out of ATMs belonging to Seven Bank in Tokyo, Japan. But these were not normal withdrawals.1

Instead, hackers exploited vulnerabilities in the bank’s 24-hour cash machines to extract banknotes without leaving a trace – interrupting the bank’s ability to supply money to its customers.

We're looking at how manufacturers might employ secure-by-design protocols to ensure that the equipment they're using is designed specifically for them using componentry from reputable suppliers. It's a supply chain issue because it’s the supply chain that is being attacked.

ATTACK STRATEGY 2: KNOCK A SUPPLIER

Sabotaging a single key supplier may be enough to damage an entire supply chain.

How: A supply chain is only as strong as its weakest link, so targeting a critical supplier can be as serious as attacking a major manufacturer.

Why: Small suppliers often do not have the cyber defence resources of larger companies, making them easy targets for hackers.

Example: Toyota, the world’s largest carmaker, had to shut down all its Japanese factories in February after one of its component makers, Kojima Press Industries, was hit by a cyber attack.

The stoppage also affected Toyota’s subsidiaries Daihatsu and Hino and saw 14 production plants grinding to a halt, with a loss of 13,000 vehicles a day. It came just as Toyota was looking to increase production after suffering halts from Covid-19 and the global chip shortage.2

Supply chain attacks are on the increase. Smaller companies are more likely to be targeted than larger companies. Threats against supply chain security have always been targeting small, medium and micro enterprises, of which there are quite a lot.

ATTACK STRATEGY 3: PIERCE DEFENCES VIA A SUPPLIER

Supply chains give hackers access to the soft underbelly of global companies.

How: Sneaking threats under an opponent’s nose is as old as the Trojan Horse – and remains a common cyber threat today.

Why: Large companies tend to implicitly trust their suppliers even though the latter may not always be able or motivated to apply strict security protocols.

Example: One of the biggest cyber attacks ever involved a little-known company called SolarWinds, which supplies network management systems for large companies.

In 2020, hackers penetrated the company’s widely used Orion package and gained access to around 18,000 SolarWinds clients, including some cyber security companies.3

In cyber security, everything is focused on stopping threats getting in, but once a threat is on the inside there tends to be a lot less ability to identify malfeasance. What is needed is defence in depth, creating layers of defences to delay penetration, since no system is impenetrable.

