Attacks on supply chain companies have been trending up over the last few years. In 2021, we saw several major supply chain attacks against both technology and non-technology suppliers.
Last spring, the ransomware attack on petroleum supplier Colonial Pipeline caused gasoline shortages throughout the East Coast. It also kicked off the rise in gas prices we are all experiencing now nationwide.
There was also a large digital supplier attack last year when Kaseya, a supplier of software that IT companies use to enable managed IT support connections, was breached. Kaseya’s remote management software was infected with malware, and the infection then spread to its IT business customers and from them to their thousands of small business customers: a one-to-many attack.
In fact, 97% of companies have been impacted by a breach in their supply chain, and 93% have suffered a direct breach as a result of a supply chain security vulnerability.
Falling victim to an attack through a third-party supply chain breach is becoming more common, making this an area you should emphasize when looking at your own network security strategy.
Here are some ways to mitigate your risk.
Start Asking Suppliers & Service Vendors About Cybersecurity
Do you know how well protected the vendors you work with are when it comes to IT security? Start asking about cybersecurity standards so you can better identify which vendors could leave you at risk of a trickle-down supply chain attack.
You want to look for cloud service providers that comply with some of the most stringent standards, such as GDPR or HIPAA. Even if you don’t necessarily need to comply with those yourself, knowing your technology partners do can give you peace of mind about their security.
With the number of digital vendors that the typical business needs to manage these days, it’s useful to have an IT pro assist with your vendor management. We can help ensure that vendors are well vetted for security risks.
Document All Suppliers & Risks If They’re Attacked
You don’t want to be blindsided by an attack that comes through one of your technology vendors, so it’s important to document all vendors and risks. Do this for both technology and non-technology suppliers that you work with.
Document the vendor and the risk that they pose should that company be hit with a cyberattack. In the case of a software supplier, your company could be directly impacted by a ransomware infection or other type of malware.
Other non-digital suppliers of goods or services could also have a negative impact on your company should their operations stop for a long period. You need to know where you stand with these risk factors.
Seek Out & Eliminate Uses of Shadow IT
There is a good chance that your business data is in cloud applications right now that you know nothing about. Eighty percent of employees admit that they use cloud tools for work that haven’t been officially approved by their company.
The use of this “shadow IT” has grown during the pandemic as employees adjust to the new work-from-home environment. Often, they have no idea that using a non-approved cloud service could leave their company at risk of a breach.
Survey employees to learn all the apps being used in their workflows. Eliminate any risky shadow IT and put a cloud use policy in place to discourage the use of unauthorized cloud applications. If you find that any of the shadow IT apps being used are helpful, then research their security and approve them officially for use.
Look for Alternative Vendors As a Backup
If you manufacture and sell products for your business, then having a key raw material supplier go down due to a cyberattack can cause delays in your fulfillment of orders to your customers.
If all your data is kept in a single cloud service, you will be at much higher risk should that service be attacked than if you had a secondary service that you were using as well.
It’s important to have an alternative supplier where possible. Research potential alternative vendors that you could use for everything from your internet service to your key business supplies. Having this already done and any necessary agreements researched ahead of time will save you from potential downtime in the case of a supply chain attack on a primary vendor.
Fortify Your Own Cybersecurity Monitoring and Management
Make sure that your own defenses are fortified. While you don’t have much control over whether or not a supplier or vendor is breached, you can reduce the risk that the breach will impact your systems.
Using managed IT services that combine several cybersecurity best practices into one package is a great way to ensure all your bases are covered. Managed IT also includes 24/7 monitoring of your network for any threats, so if there is an infection in software you use, it can be caught and stopped immediately before it spreads.
Let’s Review Your Digital Supply Chain Risk Together
Rocky Knoll Technologies can help your Charlotte area business take a look at your digital supply chain risk and mitigate the use of shadow IT to improve your overall business continuity and security.
Schedule a consultation by calling 704.594.7292 or reach us online.