Here is a refresher for organizations that may have focused on protecting against direct cyberattacks but not against third-party risks.

An increase in the number and sophistication of supply chain attacks in 2023 has had public agencies and industry experts alike emphasizing that supply chains need to command greater attention in 2024. 

The hype around AI and ML also plays a part. Our prediction for 2024 is that high impact, sophisticated attacks will hide behind the themes of AI/ML and create larger data breaches much like MOVEit and other supply chain attacks. 

We may also see cyber criminals weaponizing zero-day vulnerabilities and emails in order to launch sophisticated supply chain attacks.

Three supply-chain resilience factors will therefore impact 2024:

    • Critical infrastructure
      In the event of critical infrastructure attacks, a nation’s citizens may be unable to work, attend school, or at a more basic level, obtain the resources that are essential to survival. Now the poster child of critical infrastructure attacks and supply chain fallout, the infamous Colonial Pipeline attack of 2021 resulted in mass-panic around energy resources, placing businesses and individuals in harm’s way. Ultimately, the incident has reinforced the need to proactively address supply chain security.

    • Europe’s NIS2
      In the European Union, the Network and Information Security Directive (NIS2), which takes effect in October of 2024, includes provisions pertaining to supply chain security. Individual companies are required to address the security of supply chains and supplier relationships. EU member states will be able to carry out coordinated risk assessments of critical supply chains, meaning that much will be subject to serious scrutiny. With new legal frameworks coming into place, it will be more important for firms to prioritize cybersecurity in their supply chains.

    • The Biden administration’s Executive Order
      In response to the escalating volume of threats, the US government has issued an executive order mandating the improvement of the software supply chain. The executive order calls for the adoption of security best practices that will help build “trust and transparency” in the nation’s critical systems.

Five ways to do our part

Protect all systems from supply chain attacks with these tips:

    • Leverage vendor-risk assessments in order to ensure that third-party ecosystems are as secure and protected as possible.
    • Encourage third-party partners to adopt robust threat intelligence systems that can provide real-time updates into threat actors’ activities.
    • Implement Zero Trust principles.
    • Segment all networks: even the most trusted of third-parties and partner organizations do not need unfettered access to every element of your network.
    • Automate certain processes, including threat prevention and threat hunting, to ensure accurate and efficient results that can be used to identify the threats stemming from vendors, suppliers or ecosystem partners.

Organizations must demand stricter evaluations and implementation of security protocols from their vendors and partners. Supply chain security management is not easy, especially when it requires new modes of operation, new investments and new collaborations. However, despite the challenges, every firm needs to do its part to commit to continuous supply chain security improvement.