{"id":6832,"date":"2021-02-12T17:09:11","date_gmt":"2021-02-12T17:09:11","guid":{"rendered":"https:\/\/cybersmart.com\/?p=6832"},"modified":"2021-10-04T12:24:12","modified_gmt":"2021-10-04T12:24:12","slug":"why-supply-chains-are-the-greatest-cybersecurity-risk","status":"publish","type":"post","link":"https:\/\/cybersmart.com\/blog\/why-supply-chains-are-the-greatest-cybersecurity-risk\/","title":{"rendered":"Why supply chains pose the greatest cybersecurity risk to your business"},"content":{"rendered":"

What do you think of when you imagine a typical cyberattack?<\/span>
\n<\/span>
\n<\/span>If you\u2019re like most of us, then chances are you immediately thought of a high-profile attack on a single organisation, say, the <\/span>Twitter<\/span><\/a> or <\/span>Mariott<\/span><\/a> breaches in 2020.<\/span><\/p>\n

In reality, cybercriminals rarely enter through the front door. Here\u2019s why supply chains pose the greatest risk to your cybersecurity. <\/span>
\n<\/span><\/b><\/p>\n

<\/b>What do we mean by supply chains?\u00a0<\/b><\/h3>\n

As a small business, you\u2019re almost certainly part of a supply chain. Depending on what your company does, you could be a supplier, vendor, distributor or retailer. Your part in the supply chain isn\u2019t the important thing. What\u2019s important is the symbiotic relationship this gives you with other businesses in the chain.<\/span><\/p>\n

Think of it as akin to the way different species exist in nature. This relationship can be mutually beneficial; bees need the pollen from flowers for food and energy, flowers need bees for pollination. Or, the relationship can be destructive, as the increasing number of zoonotic diseases (such as COVID-19 and SARs) passed from animals to humans proves. The same is true of the ties between businesses.\u00a0<\/span><\/p>\n

Why do supply chains pose a cybersecurity risk?\u00a0<\/b><\/h3>\n

When business leaders evaluate their cybersecurity, most know the first place to look is within their organisation \u2013 at their own people, systems and infrastructure. Unfortunately, that\u2019s no longer enough.\u00a0<\/span><\/p>\n

According to research, up to <\/span>80% of cyberattacks<\/span><\/a> now begin in the supply chain. Cybercriminals have realised that to target high-profile businesses, you don\u2019t need to attack the organisation itself. Big corporate enterprises often have the best in cybersecurity tools and processes, so breaching their defences is difficult. <\/span>
\n<\/span>
\n<\/span>However, the SMEs who supply or provide services to these big companies usually have far more modest defences. And, crucially, they provide a \u2018backdoor\u2019 into bigger organisations by being part of the supply chain. A breach at even the smallest link in the supply chain can have dire consequences for everyone within it. This makes SMEs a prime target for cybercriminals with an eye on big enterprises.\u00a0<\/span><\/p>\n

A great example of this is the recent <\/span>SolarWinds attack<\/span><\/a>. By breaching SolarWinds (an IT infrastructure provider), cybercriminals were able to gain access to some of the world\u2019s largest tech companies, including Microsoft, Intel and Cisco.\u00a0<\/span><\/p>\n

How to protect your business\u00a0<\/b><\/h3>\n

So, if supply chains pose such a risk to your cybersecurity, what can you do about it? Small suppliers can\u2019t help being targeted by cybercriminals. And large enterprises can\u2019t control what everyone in their supply chain is doing all of the time.\u00a0<\/span><\/p>\n

Fortunately, there are a few things you can do to reduce the risks.\u00a0<\/span><\/b><\/p>\n

Get your cybersecurity in order<\/b><\/b><\/h4>\n

Although you can\u2019t always control what everybody else in your supply chain is doing, good cyber hygiene begins at home. This means that your priority should be ensuring your own cybersecurity is up to scratch.<\/span>
\n<\/span>
\n<\/span>A great place to start is by getting Cyber Essentials certified. The government-backed certification scheme assesses your business against five key cybersecurity controls:<\/span><\/p>\n