Cybercrime remains a major global concern. Cybercriminals are using increasingly sophisticated approaches and exploiting every possible means to intercept valuable data or disrupt IT systems. Organizations targeted and affected by these attacks, including businesses, critical entities, governments, and entire economies, face severe financial consequences and operational disarray. According to Market Insights estimates from Statista, the global cost of cybercrime is expected to increase over the next four years, rising from $9.22 trillion in 2024 to $13.82 trillion in 2028.
One channel used by hackers that is quickly becoming a key concern is the IT supply chain. Cybercriminals exploit the vulnerabilities of third parties in an organization’s supply chain, such as vendors, suppliers, and logistics and transportation companies, to infiltrate the organization’s IT systems or access physical components intended to be implemented in products. Speculation that the recent attacks on devices in Lebanon were the result of tampering by third parties highlights the crucial need to better protect not only software supply chains but also hardware. But how much of a threat does the IT supply chain really pose and what can be done to minimize the risks?
Director of Product Security at Alcatel-Lucent Enterprise.
The weakest link
The SolarWinds cyberattack in 2020, which compromised the systems, data, and networks of thousands of organizations, including the US government, is the most egregious example of a large-scale software supply chain attack. But despite the exposure of the case and the recognition of the need to address the issue of securing the supply chain, there have been many others. These include attacks on Okta, Norton, 3CX, JetBrains, Airbus and Microsoft, all of which have been equally devastating for affected businesses. Since 2021, cyberattacks targeting supply chains have increased by 431%, according to a report published last year by insurance provider Cowbell. And industry analysts see few signs that the problem will abate; Gartner predicts that the costs of these attacks will increase from $46 billion in 2023 to $138 billion in 2031.
For organizations and businesses, the threat of exposure to attacks through the supply chain is a major cause for concern. Unlike the full visibility and control they have over their own systems, organizations to date have had little assurance that their vendors and partners have implemented the same high security standards. In fact, a recent white paper published by PakGazette and Cargowise highlighted how 94% of supply chain executives were concerned about vulnerabilities in their technology stack, and 24% were very or extremely concerned.
Regulators seek to bring standardized security to the supply chain
Concern about the threat posed to the IT supply chain is such that authorities are beginning to introduce regulations to curb the number of incidents. In October this year, the new EU Network and Information Security Directive version 2 (NIS2) came into force. This new legislation was introduced to establish a uniform and improved level of cybersecurity across all European Union countries. Crucially, along with organizations operating in sectors such as public administration, transport, energy, healthcare and banking, companies that supply goods or are part of IT supply chains must also adhere to NIS2.
NIS2 will surely help raise greater awareness of the need to protect network infrastructure and ensure security measures are met across the IT supply chain. However, beyond compliance with the new standard, organizations and technology providers must ultimately take responsibility for ensuring that their (and their customers’) precious data has the highest level of protection against theft or system attack. But how do they do this?
Mitigate attack risk across the supply chain
Each company or organization has its own unique supply chain made up of relevant third parties necessary to bring its specific solutions or services to market. As such, there is no “one way” to secure the supply chain; however, there are measures that all companies should take to ensure that their supply chains (whether for software, components or physical products) are as airtight as possible. These include:
Vendor selection: Before selecting vendors, thorough research should be conducted to verify security practices and ensure reliability.
Regular audits: Conducting regular audits and checks on supply chain partners will ensure that they are maintaining expected security measures.
SLA: Implementing contractual security requirements with logistics providers to ensure they have adequate security measures in place, such as tamper-proof seals on trucks.
Monitoring the status of goods in transit: Technologies such as RFID and AI can help track the location and status of goods throughout the entire logistics flow.
Using Gen AI to better monitor hardware location during transit
The integration of Gen AI into logistics operations is proving to make IT hardware supply chains not only more effective, but also much more secure. Thanks to its ability to extract, process and structure unstructured data, such as emails, it provides an unprecedented level of visibility into the flow of goods, tracking both their location and ownership at every stage.
The integration of Gen AI means logistics teams always know where shipments are, who is responsible for them, and can quickly respond to potential security threats before an incident even occurs. This level of knowledge and control is invaluable for organizations seeking the peace of mind of knowing that all elements of their supply chain are well protected at every stage of production and transfer and pose no risk of being intercepted or tampered with.
As cybercrime continues to evolve in sophistication and scope, the threat posed by vulnerabilities within the IT supply chain cannot be overlooked. Organizations must face the reality that their security will only be as strong as the weakest link in their supply chain. New regulations such as NIS2 will be essential to ensure an appropriate and standardized approach to security throughout the supply chain. However, for their own peace of mind and to ensure the integrity of their products and safeguard their valuable data, organizations should seek to diligently select supply chain partners, create a culture of transparency, and utilize advanced technologies to ensure accurate tracking and monitoring of the purchased components and products. In light of today’s relentless levels of cybercrime, investing in supply chain security and resilience to protect against attacks is a relatively small price to pay.
This article was produced as part of TechRadarPro’s Expert Insights channel, where we feature the best and brightest minds in today’s tech industry. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc.