You might think your IT systems are impenetrable but the growing trend for third-party supply chain hacks is putting companies at risk.
There's a saying in the IT world that your company's security is only as good as your weakest link.
Increasingly, that weak link can often be found outside your company – and the number of third-party supply chain attacks is not just growing but they're becoming ever more sophisticated and bolder. How robust is your supply chain management?
In the past year, aerospace giant Airbus has suffered four major cyberattacks with hackers using the VPNs of its suppliers to gain access to company information. It's a worrying trend.
VPNs are used by companies to give third parties remote access to their systems. The latest attack targeted four of Airbus' main suppliers, including engine maker Rolls-Royce and technology and engineering provider Expleo.
As a cutting-edge aeroplane manufacturer and military supplier, Airbus is a particularly tempting target for hackers and a number of commercially-sensitive documents were stolen in the attack.
Attacking supply chains
In June this year, a ransomware attack on ASCO Industries, an aeroplane parts manufacturer based in Belgium, caused it to temporarily suspend production in factories across four countries and send its employees home.
As well as a loss in productivity, data breaches cost companies on average $3.9m, according to the Ponemon Institute's Cost of a Data Breach report. That average figure rises to $4.29m if the breach was caused by a third party.
Third parties are increasingly being seen as the weak links in IT security and attacks are on the rise. Of those companies surveyed by Poneomon, 56% had experienced a data breach caused by a third party – and only one in five felt they were adequately equipped to deal with such attacks.
And that's not to mention the attacks on the third parties themselves, which can wreak havoc to your supply chain. The automotive industry, for example, uses a just-in-time supply strategy, receiving goods only when it needs them. Delays caused by cyberattacks can put the whole production schedule into meltdown.
Then there's the reputational impact of data breaches. The high-profile Panama Papers leak saw hackers steal 11.5 million files from law firm Mossack Fonseca exposing the financial records of hundreds of thousands of high-profile people eventually leading to the company shutting down.
The recent cyberattacks on Airbus suppliers should be a wake-up call to businesses everywhere – but there are ways to protect your company.
Countering third-party attacks
“Third parties – whether vendors, suppliers or customers – are a significant source of compliance and information security risk," said Lee Kirschbaum, Senior Vice President, Product, Marketing and Alliances at Opus Global. “Effectively managing these risks means looking across risk dimensions – from regulatory to financial viability and beyond."
Our HERE Network Positioning is a reliable location technology that helps you to apply an additional layer of security to your systems. For example, it can be used with your VPN to check from which location the request of an employee is originating. Click to learn more.