Cybercrime remains a major global concern. Cybercriminals are using ever more sophisticated approaches and exploiting every means possible to intercept valuable data or disrupt computer systems. Organizations targeted and impacted by these attacks, including businesses, critical entities, governments, and entire economies, find themselves facing severe financial consequences and operational disarray. The global cost of cybercrime is expected to increase over the next four years, from $9.22 trillion in 2024 to $13.82 trillion by 2028, according to Statista’s Market Insights estimates.
One channel used by hackers that is quickly becoming a major concern is the IT supply chain. Cybercriminals exploit vulnerabilities in third parties in an organization’s supply chain, such as vendors, suppliers, and logistics and transportation companies, to infiltrate the organization’s IT systems or gain access to physical components intended to be implemented in products. Speculation that recent attacks on devices in Lebanon were the result of third-party tampering highlights the critical need to better secure not only software but also hardware supply chains. But what threat does the IT supply chain really pose and what can be done to minimize the risks?
Director of Product Security at Alcatel-Lucent Enterprise.
The weakest link
The 2020 SolarWinds cyberattack, which compromised the systems, data, and networks of thousands of organizations including the U.S. government, is the most notorious example of a large-scale attack on the software supply chain. But despite the revelation of this case and the recognition of the need to address the issue of securing the supply chain, there have been many others. These include attacks on Okta, Norton, 3CX, JetBrains, Airbus and Microsoft, all of which were equally crippling for the companies affected. Since 2021, cyberattacks targeting supply chains have increased by 431%, according to a report released last year by insurance company Cowbell. And industry analysts see few signs of the problem easing; Gartner predicts that the costs of these attacks will increase from $46 billion in 2023 to $138 billion in 2031.
For organizations and businesses, the threat of exposure to attacks via the supply chain is a major cause for concern. Unlike the complete visibility and control they have over their own systems, organizations have until now had little assurance that their vendors and partners have implemented the same high standards of security. Indeed, a recent white paper published by PK Press Club and Cargowise highlighted how 94% of supply chain leaders were concerned about vulnerabilities in their technology stack, and 24% were very or extremely concerned.
Regulators seek to bring standardized security to the supply chain
Such is the concern over the threat posed by the IT supply chain that authorities are beginning to enact regulations to reduce the number of incidents. In October this year, the new EU Network and Information Security Directive, version 2 (NIS2), came into force. This new legislation was introduced to establish a uniform and improved level of cybersecurity across European Union countries. It is essential that, in addition to organizations operating in sectors such as public administration, transport, energy, healthcare and banking, companies supplying goods to those organizations or forming part of their IT supply chains also adhere to NIS2.
NIS2 will surely help raise awareness of the need to secure network infrastructure and ensure security measures are followed throughout the IT supply chain. However, beyond complying with the new regulations, organizations and technology providers must ultimately take responsibility for ensuring that their valuable data – and that of their customers – has the highest level of protection against theft or system attacks. But how do they go about it?
Mitigating the risk of attack through the supply chain
Each company or organization has its own unique supply chain consisting of the relevant third parties necessary to bring its specific solutions or services to market. As such, there is no “one way” to secure the supply chain, but there are steps all businesses should take to ensure their supply chains – both for software and for physical components or products – are as watertight as possible, including:
Vendor vetting: Before selecting vendors, comprehensive vetting should be carried out to verify their security practices and ensure their reliability.
Periodic audits: Conducting regular audits and checks on supply chain partners will ensure they maintain the expected security measures.
SLAs: Implementation of contractual security requirements with logistics providers, to ensure they have appropriate security measures in place, such as tamper-proof seals on trucks.
Monitoring the status of goods in transit: Technologies such as RFID and AI can help track the location and condition of goods throughout the logistics flow.
Using Gen AI to better monitor equipment location during transportation
Integrating generative AI into logistics operations is proven to make IT hardware supply chains not only more efficient but also more secure. With its ability to extract, process and structure unstructured data, such as emails, it provides an unprecedented level of visibility into the flow of goods, tracking their location and ownership at every stage.
Gen AI integration means logistics teams always know where shipments are, who is responsible for them, and can quickly respond to potential security threats before an incident even occurs. This level of visibility and control is invaluable for organizations seeking peace of mind knowing that all elements of their supply chain are well protected at every stage of production and transfer and free of any risk of interception or falsification.
As cybercrime continues to evolve in sophistication and scale, the threat posed by vulnerabilities within the IT supply chain cannot be overlooked. Organizations must face the reality that their security will only ever be as strong as the weakest link in their supply chain. New regulations such as NIS2 will be essential to ensure there is an adequate and standardized approach to security throughout the supply chain. However, for their own peace of mind and to ensure the integrity of their products and protect their valuable data, organizations should seek to diligently select supply chain partners, create a culture of transparency and use advanced technologies to ensure accurate tracking and monitoring of purchased components and products. In light of today’s relentless levels of cybercrime, investing in supply chain security and resilience to protect against attacks is a relatively small price to pay.
This article was produced as part of TechRadarPro’s Expert Insights channel, where we feature the best and brightest minds in today’s technology industry. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc.