O we ’ ve seen a surge in supply chain attacks such as the highly publicised SolarWinds and Log4j incidences . In fact , from 2021 to present day , third-party attacks have risen a whopping 650 %. Whether directly or indirectly , more than 95 % of companies have been impacted by a supply chain cybersecurity incident and according to Microsoft , it is only going to get worse .
While any organisation is at risk , given their reliance on third-party vendors , coupled with a lack of bandwidth and security presence , small- and medium-sized enterprises ( SMEs ) remain particularly vulnerable . Unfortunately , many SMEs appear unsure on how to prepare or respond to these types of cyberattacks . Although the situation sounds dire , there are mitigating actions that every SME should put in place to minimise the risk , exposure and impact of a supply chain breach . Things like reviewing their infrastructure , asking suppliers the right questions and creating a culture of transparency and accountability with vendors and partners should no longer qualify as optional .
Evaluate your infrastructure
To minimise supply chain attack risks , SMEs should conduct a comprehensive audit of their IT environment , which needs to include efforts to discover any unapproved shadow IT . Hardware and software asset inventories are essential components of any cybersecurity framework . SMEs need to also conduct an inventory of their vendors in order to properly evaluate exposure .
Since security considerations do not stop at the perimeter of your networks , you must take into consideration the posture of the vendors and partners who process your data and integrate with your systems and those you rely on for day-to-day operations . You need a clear understanding of what hardware and software is used , where the security gaps lie and which vendors and partners the business relies on – including the nature of those interactions , from processing proprietary or operational data to system interfaces and various levels of integration . It ’ s critical that the SME has a full understanding of the security gaps and risks
TO MINIMISE SUPPLY CHAIN ATTACK RISKS , SMES SHOULD CONDUCT A COMPREHENSIVE AUDIT OF THEIR IT ENVIRONMENT .