Intelligent CIO Europe Issue 53 - Page 92


Four principles for improving digital supply chain resilience

David Smith , Senior Security Consultant at Evalian , discusses the key considerations for improving supply chain security and ultimately reducing the risk of a supply chain attack impacting your company .

Supply chain attacks have become a mainstay in the headlines , with highprofile security incidents like the Kaseya and SolarWinds breaches impacting thousands of organisations worldwide .

A supply chain attack occurs when digital services or technologies of a vendor are compromised , allowing a criminal to move into the networks and systems of customers . Just like physical supply chains , companies rely on various digital partners to provide services and products .
Digital supply chains can be disrupted or compromised in many ways . The most damaging and sophisticated attacks allow an attacker to linger in a network unnoticed , often for a long time . Commonly called ‘ backdoors ’.
In the case of SolarWinds , criminals were able to modify SolarWinds ’ product , Orion , with malicious code that was subsequently distributed via software updates . This code was thought to have been inserted in mid-2019 but was not publicly reported until December 2020 . Orion , ( ironically ) intended to protect an organisation ’ s networks , became a gateway for attackers to access the systems of many large enterprises and key US Government departments .
While such attacks are complex , they ’ re also quite common . The European Union Agency for Cybersecurity suggests 66 % of supply chain attacks target the product
92 INTELLIGENTCIO EUROPE www . intelligentcio . com