Cybercrime has evolved into a pressing global issue that organizations can no longer afford to ignore. With cybercriminals wielding increasingly sophisticated tactics, the threat they pose to valuable data and IT systems is more significant than ever. The fallout from these attacks impacts not only individual businesses but also critical infrastructure, governments, and entire economies, leaving them grappling with severe financial repercussions and operational chaos. According to estimates from Statista’s Market Insights, the global cost of cybercrime is projected to escalate dramatically, rising from $9.22 trillion in 2024 to $13.82 trillion by 2028.
The weakest link
The infamous SolarWinds cyberattack of 2020 serves as a stark reminder of the vulnerabilities within the software supply chain. This widespread breach affected thousands of organizations, including the US government, illuminating the gravity of unchecked vulnerabilities. Despite heightened awareness surrounding this issue, numerous other supply chain attacks have emerged since, targeting major entities like Okta, Norton, 3CX, JetBrains, Airbus, and Microsoft. A report by insurance provider Cowbell revealed a staggering 431% rise in supply chain attacks since 2021, with analysts at Gartner forecasting costs associated with these attacks to leap from an estimated $46 billion in 2023 to an alarming $138 billion by 2031.
Moreover, organizations often find themselves exposed to risks outside of their control. While they maintain high standards within their own infrastructures, there remains a troubling lack of assurance regarding the security practices of partners and suppliers. In fact, a recent white paper by Reuters and Cargowise found that 94% of supply chain executives expressed concern over vulnerabilities in their technology stacks, with 24% reporting feelings of extreme concern.
Regulators seek to bring standardized security to the supply chain
In response to the increasing incidence of cyberattacks, regulatory authorities are beginning to enforce measures aimed at bolstering security throughout the IT supply chain. The introduction of the new EU Network and Information Security version 2 (NIS2) Directive in October this year marks a key step in establishing a uniform cybersecurity landscape across European Union member countries. This legislation imposes robust regulations not only on organizations operating in critical sectors such as public administration, transport, energy, health, and banking, but also on those supplying goods or components within these essential IT supply chains.
NIS2 aims to promote greater awareness around the need for enhanced cybersecurity measures in network infrastructure. Nevertheless, compliance with this directive is just the starting point; organizations must proactively take ownership of their data security, prioritizing the protection of sensitive information belonging to both themselves and their customers. But what steps can organizations take to achieve this?
Mitigating the risk of attack via the supply chain
Every organization possesses a unique supply chain consisting of various third parties that play integral roles in delivering products and services to market. Consequently, there isn’t a one-size-fits-all approach to securing it. However, several key measures should be universally adopted to ensure that supply chains, comprising both software and physical components, are as fortified against potential threats as possible:
- Screening suppliers: Conduct thorough vetting processes to verify security protocols and establish trustworthiness.
- Periodic audits: Perform regular checks on supply chain partners to confirm adherence to security expectations.
- SLAs: Implement stringent contractual agreements with logistics providers that specify required security measures, such as tamper-proof seals on transport vehicles.
- Monitoring status of goods in transit: Utilize advanced technologies like RFID and AI to continuously track the location and integrity of shipments.
The use of Gen AI to better monitor location of hardware during transit
The integration of Gen AI within logistics operations is proving transformative, enhancing both the efficiency and security of IT hardware supply chains. By leveraging its capabilities to sift through and process unstructured data—such as emails—organizations can gain unprecedented visibility into the movement of goods, effectively monitoring their location and ownership at all stages of the logistics process.
This level of insight empowers logistics teams to maintain real-time awareness of shipments, identify responsible parties, and swiftly address potential security threats before incidents escalate. This capacity for proactive threat management provides invaluable peace of mind to organizations, assuring them that every component in their supply chain is well protected against interception or tampering.
As the landscape of cybercrime continues to shift, the vulnerabilities within IT supply chains demand immediate attention. Organizations must acknowledge that their security posture is inherently linked to the weakest link present in their supply chain. New regulatory frameworks, such as NIS2, will be crucial in instituting a standardized approach to security. Simultaneously, organizations should focus on meticulously selecting supply chain partners, fostering a culture of transparency, and employing advanced technologies to enhance tracking and monitoring efforts for sourced components. Given the relentless surge in cybercrime, investing in supply chain security and resilience is a prudent measure to safeguard against potential attacks.
This article was produced as part of TechRadarPro’s Expert Insights channel, where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro