For a large majority of the world, the SolarWinds hack in December 2020 was the first real introduction to digital supply chains and their vulnerabilities. But the reality is that hackers have become increasingly invested in software supply chain attacks, which increased 650% from July 2019 to May 2020 alone.
Likewise, data from Netscout’s 2H 2021 Threat Intelligence Report shows that hackers remain laser-focused on attacking the digital supply chain. Specifically, there was a 606% increase in attacks against software publishers from 1H 2021, as well as a 162% increase in attacks on computer manufacturers and a 263% increase against computer storage manufacturing.
When hackers focus so much attention on attacking a particular area, it’s important to understand what it is and how your company can protect against such attacks.
Why Hackers Attack Supply Chains
A supply chain attack enables malefactors to compromise enterprise networks by attacking connected applications or services owned or used by outside partners, such as suppliers. Using the SolarWinds attack as an example, hackers focused their attention on SolarWinds in order to gain access to a list of lucrative suppliers and customers.
In other words, a supply chain attack may start several companies removed from the intended target, making it harder to spot. Such attacks also are becoming harder to trace because many are carried out using open-source tools that are publicly available.
Perhaps more frustratingly, companies often don’t consider the risk serious enough to protect themselves against it. In a survey of executives from leading companies in the UK, 91% said cyberattacks are a high or very high risk to their business. Nevertheless, nearly a third admit to taking no action on supply chain security, and only 69% say they’re actively managing supply chain risks.
In its November 2021 report on supply chain cybersecurity, the UK’s Department for Digital, Culture, Media & Sport (DCMS) found that the biggest challenges to acting on digital supply chain risks were establishing control of the supply chain (86%) and the need to improve, evolve, and maintain security (85%). Likewise,…