{"id":8636,"date":"2021-09-28T10:56:42","date_gmt":"2021-09-28T09:56:42","guid":{"rendered":"https:\/\/intelliworx.wpenginepowered.com\/uk\/?p=6842"},"modified":"2025-03-31T08:23:58","modified_gmt":"2025-03-31T08:23:58","slug":"supply-chain-attacks-are-you-prepared-and-protected","status":"publish","type":"post","link":"https:\/\/intelliworx.co\/uk\/blog\/supply-chain-attacks-are-you-prepared-and-protected\/","title":{"rendered":"Supply chain attacks \u2013 are you prepared and protected?"},"content":{"rendered":"<p>Supply chain attacks are on the rise. The European Union Agency for Cybersecurity found <a href=\"https:\/\/www.enisa.europa.eu\/news\/enisa-news\/understanding-the-increase-in-supply-chain-security-attacks\" target=\"_blank\" rel=\"noopener\">66% of attacks are now focused on the supplier\u2019s code<\/a>. Forward-thinking threat actors have begun looking past interfering with an organisation\u2019s IT system directly and have started looking at the trusted software and hardware the organisation utilises.\u00a0 These malicious actors have realised they can cause a huge amount of damage to organisations with good security posture by taking advantage of that trust and going through the back door.<\/p>\n<h2>Why should I worry about supply chain attacks?<\/h2>\n<p>In general, a supply chain is a system of resources involved in supplying a service or product. When it comes to technology, businesses rely on third-party software vendors to deliver their services or products \u2013 mostly software they don\u2019t have control over or is not developed in-house, but which is needed to deliver their services to their clients.<\/p>\n<p>In turn, hackers \u2013 or malicious actors \u2013 have turned to targeting these third-party software vendors. When organisations install the third-party applications, or run software updates or patches for the app, they must grant permission to the application, which in turn gives the application access to sensitive data and assets. By compromising just a single supplier \u2013 who stores sensitive data for multiple clients or customers \u2013 the malicious actors can potentially gain hundreds or even thousands of victims.<\/p>\n<p>So, instead of trying to infiltrate organisations or government agencies with solid security posture, cyber criminals have started targeting the third-party software vendors. These vendors don\u2019t, or can\u2019t, invest in the same cybersecurity resources as larger organisations, and the trust between a third-party vendor and organisation is then exploited. This strategy is called a supply chain attack. It enables malicious actors access to many organisations, where the malicious actors can extort them for all they\u2019re worth.<\/p>\n<h2><\/h2>\n<p><img fetchpriority=\"high\" decoding=\"async\" class=\"alignnone size-full wp-image-8818\" src=\"https:\/\/intelliworx.co\/uk\/wp-content\/uploads\/sites\/6\/2021\/09\/Supply-chain-attack_1.jpg\" alt=\"it employees watching something on laptop\" width=\"800\" height=\"250\" srcset=\"https:\/\/intelliworx.co\/uk\/wp-content\/uploads\/sites\/6\/2021\/09\/Supply-chain-attack_1.jpg 800w, https:\/\/intelliworx.co\/uk\/wp-content\/uploads\/sites\/6\/2021\/09\/Supply-chain-attack_1-300x94.jpg 300w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/><\/p>\n<h2>How supply chain attacks work<\/h2>\n<p>When a business or organisation installs a vendor\u2019s software, it provides the software with a digital signature, which verifies that the software is authentic to the organisation, allowing for the transmission of software to all networked parties. However, hidden within the vendor software, relying on the trust that signature brings, is the malicious code, previously injected by malicious actors without the vendor\u2019s knowledge.<\/p>\n<p>Through the legitimate process of software installation or update, the malicious code can gain access to organisation\u2019s restricted IT system \u2013 known as the attack vector. While it may not be activated immediately, malicious actors are then able to activate the code remotely.<\/p>\n<p>As the code has the same access privileges as the vendor\u2019s software, it will also have access to the same data or IT infrastructure. The malicious actor can then perform various cyberattacks, such as <a href=\"https:\/\/www.bloomberg.com\/news\/articles\/2021-07-04\/mass-ransomware-hack-used-it-software-flaw-researchers-say\" target=\"_blank\" rel=\"noopener\">mass ransomware attacks<\/a>. Many malicious actors try to do this work without rousing any suspicion from the organisation, stealing their data without being noticed.<\/p>\n<p>Other ways malicious actors can infiltrate an IT supply chain is through open-source code or foreign threat.<\/p>\n<p>Open-source code is packaged computer programming code developed with the intent of free distribution. Sonatype\u2019s <a href=\"https:\/\/www.sonatype.com\/resources\/white-paper-state-of-the-software-supply-chain-2020\" target=\"_blank\" rel=\"noopener\">2020 State of the Software Supply Chain Report<\/a> found that supply chain attacks targeting open-source software projects are a major issue for enterprises, as 90% of all applications contain open-source code and 11% have known vulnerabilities. These code packages can be enhanced or modified or included and built upon.<\/p>\n<p>Most applications today include some form of open-source code. As it is free, it doesn\u2019t have much security around it, making it much simpler for malicious actors to gain access to.<\/p>\n<p>The second way, foreign threat, leads malicious actors to target software developed in countries where the development is low-cost, adding another layer of supply chain attack risk to organisations.<\/p>\n<h2>Protecting against supply chain attacks<\/h2>\n<p>The best way for businesses and organisations to protect themselves from supply chain attack is to ensure every third-party vendor they use complies with strict cyber security standards. Adherence should be checked regularly; trusted vendors should be scrutinised based on the access their software needs, and the data the software will have access to. With more sensitive data, higher scrutiny is required. Each third-party assessment should be unique to the software being installed and should be conducted by a security expert.<\/p>\n<p>Two-factor authentication should also be used by the vendor, as this provides another hurdle malicious actors need to jump over to gain access.<\/p>\n<p>Once attacked, some businesses never recover.<\/p>\n<p>If you\u2019d like to know more about risk management, security vulnerabilities, and the supply chain risk to your business, talk to the cyber security experts at INTELLIWORX today.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Supply chain attacks are on the rise. Learn how to protect your business by understanding the risks, and what you can do to mitigate them.<\/p>\n","protected":false},"author":7,"featured_media":8900,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":"","_links_to":"","_links_to_target":""},"categories":[204,44,29],"tags":[43,36],"class_list":["post-8636","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog","category-managed-it","category-security","tag-managed-it","tag-security"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.3 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Supply chain attacks \u2013 how to make sure you are prepared &amp; protected<\/title>\n<meta name=\"description\" content=\"Supply chain attacks are on the rise. Learn how to protect your business by understanding the risks, and what you can do to mitigate them.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/intelliworx.co\/uk\/blog\/supply-chain-attacks-are-you-prepared-and-protected\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Supply chain attacks \u2013 how to make sure you are prepared &amp; protected\" \/>\n<meta property=\"og:description\" content=\"Supply chain attacks are on the rise. Learn how to protect your business by understanding the risks, and what you can do to mitigate them.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/intelliworx.co\/uk\/blog\/supply-chain-attacks-are-you-prepared-and-protected\/\" \/>\n<meta property=\"og:site_name\" content=\"Intelliworx\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/IntelliworxGlobal\" \/>\n<meta property=\"article:published_time\" content=\"2021-09-28T09:56:42+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-03-31T08:23:58+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/intelliworx.co\/uk\/wp-content\/uploads\/sites\/6\/2021\/09\/Supply-chain-attack_banner.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1203\" \/>\n\t<meta property=\"og:image:height\" content=\"804\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Shane Maher\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Shane Maher\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Supply chain attacks \u2013 how to make sure you are prepared & protected","description":"Supply chain attacks are on the rise. Learn how to protect your business by understanding the risks, and what you can do to mitigate them.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/intelliworx.co\/uk\/blog\/supply-chain-attacks-are-you-prepared-and-protected\/","og_locale":"en_US","og_type":"article","og_title":"Supply chain attacks \u2013 how to make sure you are prepared & protected","og_description":"Supply chain attacks are on the rise. Learn how to protect your business by understanding the risks, and what you can do to mitigate them.","og_url":"https:\/\/intelliworx.co\/uk\/blog\/supply-chain-attacks-are-you-prepared-and-protected\/","og_site_name":"Intelliworx","article_publisher":"https:\/\/www.facebook.com\/IntelliworxGlobal","article_published_time":"2021-09-28T09:56:42+00:00","article_modified_time":"2025-03-31T08:23:58+00:00","og_image":[{"width":1203,"height":804,"url":"https:\/\/intelliworx.co\/uk\/wp-content\/uploads\/sites\/6\/2021\/09\/Supply-chain-attack_banner.jpg","type":"image\/jpeg"}],"author":"Shane Maher","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Shane Maher","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/intelliworx.co\/uk\/blog\/supply-chain-attacks-are-you-prepared-and-protected\/#article","isPartOf":{"@id":"https:\/\/intelliworx.co\/uk\/blog\/supply-chain-attacks-are-you-prepared-and-protected\/"},"author":{"name":"Shane Maher","@id":"https:\/\/intelliworx.co\/uk\/#\/schema\/person\/fcdcafd2949da93c85db26bfe5ea13bb"},"headline":"Supply chain attacks \u2013 are you prepared and protected?","datePublished":"2021-09-28T09:56:42+00:00","dateModified":"2025-03-31T08:23:58+00:00","mainEntityOfPage":{"@id":"https:\/\/intelliworx.co\/uk\/blog\/supply-chain-attacks-are-you-prepared-and-protected\/"},"wordCount":767,"commentCount":0,"publisher":{"@id":"https:\/\/intelliworx.co\/uk\/#organization"},"image":{"@id":"https:\/\/intelliworx.co\/uk\/blog\/supply-chain-attacks-are-you-prepared-and-protected\/#primaryimage"},"thumbnailUrl":"https:\/\/intelliworx.co\/uk\/wp-content\/uploads\/sites\/6\/2021\/09\/Supply-chain-attack_banner.jpg","keywords":["Managed IT","Security"],"articleSection":["Blog","Managed IT","Security"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/intelliworx.co\/uk\/blog\/supply-chain-attacks-are-you-prepared-and-protected\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/intelliworx.co\/uk\/blog\/supply-chain-attacks-are-you-prepared-and-protected\/","url":"https:\/\/intelliworx.co\/uk\/blog\/supply-chain-attacks-are-you-prepared-and-protected\/","name":"Supply chain attacks \u2013 how to make sure you are prepared & protected","isPartOf":{"@id":"https:\/\/intelliworx.co\/uk\/#website"},"primaryImageOfPage":{"@id":"https:\/\/intelliworx.co\/uk\/blog\/supply-chain-attacks-are-you-prepared-and-protected\/#primaryimage"},"image":{"@id":"https:\/\/intelliworx.co\/uk\/blog\/supply-chain-attacks-are-you-prepared-and-protected\/#primaryimage"},"thumbnailUrl":"https:\/\/intelliworx.co\/uk\/wp-content\/uploads\/sites\/6\/2021\/09\/Supply-chain-attack_banner.jpg","datePublished":"2021-09-28T09:56:42+00:00","dateModified":"2025-03-31T08:23:58+00:00","description":"Supply chain attacks are on the rise. Learn how to protect your business by understanding the risks, and what you can do to mitigate them.","breadcrumb":{"@id":"https:\/\/intelliworx.co\/uk\/blog\/supply-chain-attacks-are-you-prepared-and-protected\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/intelliworx.co\/uk\/blog\/supply-chain-attacks-are-you-prepared-and-protected\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/intelliworx.co\/uk\/blog\/supply-chain-attacks-are-you-prepared-and-protected\/#primaryimage","url":"https:\/\/intelliworx.co\/uk\/wp-content\/uploads\/sites\/6\/2021\/09\/Supply-chain-attack_banner.jpg","contentUrl":"https:\/\/intelliworx.co\/uk\/wp-content\/uploads\/sites\/6\/2021\/09\/Supply-chain-attack_banner.jpg","width":1203,"height":804,"caption":"employees typing in their laptop during working hours"},{"@type":"BreadcrumbList","@id":"https:\/\/intelliworx.co\/uk\/blog\/supply-chain-attacks-are-you-prepared-and-protected\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/intelliworx.co\/uk\/"},{"@type":"ListItem","position":2,"name":"Supply chain attacks \u2013 are you prepared and protected?"}]},{"@type":"WebSite","@id":"https:\/\/intelliworx.co\/uk\/#website","url":"https:\/\/intelliworx.co\/uk\/","name":"Intelliworx","description":"Managed IT Services","publisher":{"@id":"https:\/\/intelliworx.co\/uk\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/intelliworx.co\/uk\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/intelliworx.co\/uk\/#organization","name":"Intelliworx","alternateName":"INTELLIWORX","url":"https:\/\/intelliworx.co\/uk\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/intelliworx.co\/uk\/#\/schema\/logo\/image\/","url":"https:\/\/intelliworx.co\/uk\/wp-content\/uploads\/sites\/6\/2021\/07\/INX-Logo-colour.png","contentUrl":"https:\/\/intelliworx.co\/uk\/wp-content\/uploads\/sites\/6\/2021\/07\/INX-Logo-colour.png","width":600,"height":90,"caption":"Intelliworx"},"image":{"@id":"https:\/\/intelliworx.co\/uk\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/IntelliworxGlobal","https:\/\/www.linkedin.com\/company\/intelliworx\/"]},{"@type":"Person","@id":"https:\/\/intelliworx.co\/uk\/#\/schema\/person\/fcdcafd2949da93c85db26bfe5ea13bb","name":"Shane Maher","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/intelliworx.co\/uk\/wp-content\/uploads\/sites\/6\/2023\/12\/Maher_Shane_901-02229_Web-Retouched-96x96.jpg","url":"https:\/\/intelliworx.co\/uk\/wp-content\/uploads\/sites\/6\/2023\/12\/Maher_Shane_901-02229_Web-Retouched-96x96.jpg","contentUrl":"https:\/\/intelliworx.co\/uk\/wp-content\/uploads\/sites\/6\/2023\/12\/Maher_Shane_901-02229_Web-Retouched-96x96.jpg","caption":"Shane Maher"},"description":"Shane Maher is the Managing Director at Intelliworx, responsible for providing overall business direction and supporting businesses in their digital transformation journey. Shane specialises in empowering businesses by providing comprehensive IT support and developing cutting-edge infrastructure solutions. His expertise lies in guiding MSPs through the transition to cloud services, leveraging the power of cloud technologies to enhance business operations. Shane's passion for supporting businesses' IT infrastructure and his extensive knowledge in cloud computing make him a valuable asset in driving successful digital transformations. With his wealth of knowledge and experience, he is committed to driving IT success for clients and helping them navigate the evolving technological landscape.","sameAs":["https:\/\/www.linkedin.com\/in\/shane-maher-ab92ba23\/"],"url":"https:\/\/intelliworx.co\/uk\/author\/shaneinx\/"}]}},"_links":{"self":[{"href":"https:\/\/intelliworx.co\/uk\/wp-json\/wp\/v2\/posts\/8636","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/intelliworx.co\/uk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/intelliworx.co\/uk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/intelliworx.co\/uk\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/intelliworx.co\/uk\/wp-json\/wp\/v2\/comments?post=8636"}],"version-history":[{"count":0,"href":"https:\/\/intelliworx.co\/uk\/wp-json\/wp\/v2\/posts\/8636\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/intelliworx.co\/uk\/wp-json\/wp\/v2\/media\/8900"}],"wp:attachment":[{"href":"https:\/\/intelliworx.co\/uk\/wp-json\/wp\/v2\/media?parent=8636"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/intelliworx.co\/uk\/wp-json\/wp\/v2\/categories?post=8636"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/intelliworx.co\/uk\/wp-json\/wp\/v2\/tags?post=8636"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}