Insights ▸ Spotlight ▸ Stopping the Domino Effect: Cyber Resilience in the Supply Chain

View as PDF

06.2022 . Spotlight

Stopping the Domino Effect: Cyber Resilience in the Supply Chain

Supply chains connect companies, industries and countries. They are the backbone of global trade and economic growth. But increasingly, they become an attractive target for attackers.

In this ISTARI Perspective, the former CISO at McKinsey teams up with former director of UK intelligence agency GCHQ to describe the problem and three steps companies can take to improve cyber resilience in their supply chains – and stop the domino effect.

Cyberattacks on supply chains can quickly escalate in unpredictable ways.
The problem of cyber risk in supply chains is not new; it’s been a decade since the infamous breach of retailer Target through an air conditioning vendor.
But it’s a problem that is growing: ISTARI recently asked a room full of CISOs about their experience with the potential domino effect that arises from supply chain cyber risk. Almost half had experienced a cyberattack that originated from their supply chain, and three quarters responded that their company’s supply chain had been indirectly disrupted or impacted by a cyberattack on one of their suppliers.
Supply chains face three types of cyber risk:
- A core supplier suffers a cyberattack that disrupts the flow of goods or services
- A company suffers a breach through one of its suppliers: attackers move laterally across supply chains to get a foothold in other company’s networks
- An organisation suffers a breach because of a vulnerability embedded in a third-party software company.

Companies can do three things to improve the cyber resilience in their supply chain:

Set clear ownership: One individual or team should be incentivised to assess and reduce supply chain risk and be allocated with sufficient resources
Assess and prioritise suppliers: Instead of categorising suppliers by contract size, prioritise suppliers based on risk factors
Fix the past – and anticipate the future: Fixing legal and regulatory problems allows you to look forward and implement real-time cyber risk identification and management of the supply chain.

Why does this matter for businesses?

Many companies regard building cyber resilience in their supply chains an insurmountable task.

But starting to build cyber resilience in the supply chain isn’t impossible – it’s a strategic necessity.

Read the full article

Robert Hannigan

Robert Hannigan is the Chairman of International Business at BlueVoyant and an advisor to a number of governments and international companies. He was a British civil servant who previously served as the director of the signals intelligence and cryptography agency, the Government Communications Headquarters (GCHQ), and established the UK’s National Cyber Security Centre (NCSC). Since 2021, he is the Warden of Wadham College, Oxford University.

Stopping the Domino Effect: Cyber Resilience in the Supply Chain

Supply chains connect companies, industries and countries. They are the backbone of global trade and economic growth. But increasingly, they become an attractive target for attackers.

Why does this matter for businesses?

Read the full article

Robert Hannigan

What to read next

Analysis of Top 11 Cyber Attacks on Critical Infrastructure

The Global State of Industrial Cybersecurity 2023

2023 Threat Report – OT Cyberattacks With Physical Consequences