Global supply chains continue to be a favourite target for cybercriminals. This isn’t surprising given that targeting a single supply network can allow threat actors to cause large-scale disruption. For cybercriminals, it’s an opportunity to hit multiple targets with a single arrow.
Since 2018, the number of businesses impacted by supply chain attacks has increased by over 2,600%. According to ITRC’s data, more than 54 million organisations were impacted last year across 242 breaches.
These statistics and recent high-profile attacks on giants like Toyota, the NHS, and Ministry of Defence indicate that businesses need to rethink their approach to conventional cybersecurity across the entire supply chain.
The old ways of dealing with cyberattacks are no longer enough. Traditional methods like perimeter defences, incident response, and backups are still important practices for cyber hygiene, but they don’t complete the cyber resilience puzzle.
In the modern threat landscape, businesses need to anticipate breaches and arrange their defences accordingly. There is an increasing volume of potential entry points for an attack. Almost every supplier is now incorporating cloud assets within their networks, which is greatly expanding the attack surface.
So, breaches are inevitable, and the focus should be on containing them.
Cloud migration and its new attack vectors
The growing adoption of the cloud has been a blessing for supply chains. However, rushing into cloud adoption without the necessary safeguards and pre-emptive strategies puts businesses at risk from cybercriminals.
For instance, traditionally isolated systems, such as ICS and OT systems, are now connected to cloud infrastructures. These physical systems were designed without security in mind and don’t have the same in-built security mechanisms as other internet-facing assets.
So, integrating them with cloud systems inherently introduces a degree of vulnerability. This is why cloud-based attack vectors have significantly increased across supply chains. Cybercriminals are constantly exploiting vulnerabilities in cloud configurations, APIs, and third-party services.
For example, attackers can gain access to cloud environments through phishing campaigns, targeting employees or by exploiting weak authentication protocols. Once inside, they can move laterally across the network, potentially reaching critical operational systems. This level of exposure is deeply concerning for businesses with internet-facing assets across their supply chains.
Additionally, the use of third-party cloud services introduces further risk. Companies today have to rely on the security practices of their vendors, which may not always align with their own security standards.
Disruption and downtime over data exfiltration
Cybercriminals also recognise that disrupting supply chains can be far more damaging (and profitable) than stealing data. For instance, the attack on Toyota led to a temporary shutdown of production at multiple plants. The incident highlighted that even a short-lived disruption can have significant ripple effects throughout a global supply chain, especially on businesses operating on just-in-time (JIT) production schedules.
For ransomware gangs, targeting operational up-time also increases their likelihood of attaining a ransom. In 2023, for example, the CLOP ransomware group exploited a zero-day vulnerability in the MOVEit software, which is widely used for secure file transfers. This breach impacted hundreds of companies globally within the software supply chain, including manufacturer Leggett & Platt as well as oil and gas multinational Shell. As a result, some of the businesses ended up paying around $75 to $100 million in ransom to CLOP.
The interconnected nature of global supply chain networks means that manufacturers can’t prevent every attack. So, the key is to minimise an attack’s impact. The only way to achieve this is by adopting an assume-breach mindset and implementing risk-based strategies to contain the exposure.
Towards a “break-glass style” response system with Zero Trust
Ultimately, the onus of mitigating these supply chain risks falls on the customer-facing businesses themselves: the companies that rely on manufacturing or production supply chains to bring products to the general consumer.
Businesses today need a proactive “break-glass style” emergency response system across their supply chains. They must implement predefined emergency protocols to prioritise operational continuity. The Zero Trust model is the perfect strategy to establish this practice.
A Zero Trust security model operates on the principle of “never trust, always verify.” It’s a dynamic security strategy for building cyber resilience, and assumes that threats can exist both outside and inside the network.
At the core of Zero Trust is the principle of least privilege access. Users and devices are granted only the permissions necessary to perform their tasks. This minimises the attack surface by ensuring that even if a system is compromised, the potential damage is limited.
In practice, Zero Trust means that unauthorised access is blocked at every level. So, it becomes exceedingly difficult for cybercriminals to move laterally across the network.
5 steps to establishing a Zero Trust architecture
The most effective approach to building a Zero Trust network architecture starts with a 5-step model.
Step 1: Identify
First, organisations must identify the essential systems required to maintain production during an attack. They must identify where their sensitive data is stored, who accesses it, and how it’s used. This requires a clear and simplified data classification system.
Step 2: Map
From there, security teams must map out how the sensitive data flows across the network, between users and resources. In this phase, it’s important to engage stakeholders like application and network architects to create accurate transaction flow maps. This is crucial for effective data security.
With this knowledge, security teams can now start implementing Zero Trust Segmentation (ZTS) or microsegmentation technologies.
Step 3: Implement
ZTS divides networks into isolated segments. Each segment has its own security controls, containing breaches and protecting critical systems. Unlike traditional security methods, ZTS is dynamic. It allows quick, flexible security adjustments, which are essential for protecting hybrid environments.
This ensures that even if one segment of the supply chain network is compromised, the entire operation isn’t disrupted. In fact, in a recent survey with 1,600 IT and security decision makers, we found that 93% consider ZTS as a critical component to their cloud security strategy.
Step 4: Automate
The next phase is to establish an automated rule base to enforce access control and inspection policies. Security teams must define rules that strictly limit access to each network segment based on need-to-know principles. All traffic, both internal and external, must be logged and inspected to detect potential threats and identify areas for improvement.
Step 5: Monitor and maintain
Finally, continue to monitor and maintain the network. As businesses become more globalised, supply chain networks will only become larger and more complex. Cloud migration and digital transformation will continue in full swing. And for cybercriminals, the attack vectors will only increase.
However, with Zero Trust in place, attackers can’t achieve the mass-scale disruption they strive for each time they get in. Shifting to a break-glass style response system with Zero Trust is the only viable way for supply chains to become more resilient.
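To make Steps 3 and 4 concrete, here is an added example (not code from the original article or from any vendor product) of a default-deny segment policy evaluator with a time-boxed break-glass exception of the kind the emergency protocols above call for. The segment names, the rule base and the sample flows are all constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Flow:
    src: str          # source segment
    dst: str          # destination segment
    port: int
    proto: str = "tcp"

# Standing allow-list: only flows the production process needs (Step 4).
# Anything not listed is denied, so a compromised segment cannot reach others.
RULES = {
    ("mes", "plc-network", 502, "tcp"),      # MES polls PLCs over Modbus/TCP
    ("erp", "mes", 443, "tcp"),              # ERP pushes work orders to MES
    ("supplier-portal", "erp", 443, "tcp"),  # supplier EDI into the ERP API
}

# Break-glass exceptions: pre-approved, time-boxed allows used only during an
# incident, e.g. letting a standby segment reach the PLCs while MES is rebuilt.
# Maps rule tuple -> expiry time (epoch seconds). Constructed for this example.
BREAK_GLASS: dict[tuple, float] = {}

def grant_break_glass(rule: tuple, now: float, ttl_seconds: float) -> None:
    """Record a pre-approved emergency allow that expires automatically."""
    BREAK_GLASS[rule] = now + ttl_seconds

def evaluate(flow: Flow, now: float) -> str:
    """Default deny: allow only standing rules or unexpired break-glass rules."""
    key = (flow.src, flow.dst, flow.port, flow.proto)
    if key in RULES:
        return "allow"
    if key in BREAK_GLASS and now < BREAK_GLASS[key]:
        return "allow-breakglass"
    return "deny"

def audit(flows: list[Flow], now: float) -> list[str]:
    """One log line per flow; the denies are the lateral-move attempts to review."""
    return [f"{evaluate(f, now)} {f.src}->{f.dst}:{f.port}/{f.proto}" for f in flows]

SAMPLE_FLOWS = [  # constructed traffic, including an attempted lateral move
    Flow("erp", "mes", 443),
    Flow("supplier-portal", "plc-network", 502),  # vendor segment straight to OT
    Flow("mes", "plc-network", 502),
    Flow("backup-mes", "plc-network", 502),       # only valid under break-glass
]

if __name__ == "__main__":
    grant_break_glass(("backup-mes", "plc-network", 502, "tcp"), now=1000.0, ttl_seconds=3600)
    for line in audit(SAMPLE_FLOWS, now=1500.0):
        print(line)
```

Because the break-glass allow carries an expiry, the emergency path closes itself once the incident window passes, which is the property that keeps a temporary exception from becoming a permanent hole in the segmentation.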