A new Kaspersky report – produced in association with leading freight transport insurer TT Club – has revealed that despite a rise in cyberattacks during the supply chain crisis, 16% of UK businesses deprioritised CyberSecurity last year amid the pandemic, port closures, HGV driver shortages and other challenges associated with Brexit.
Cybercriminals have become ever more sophisticated at exploiting organisational silos, security gaps caused by remote working and the supply chain crisis to undermine the safety and security of critical systems. So much so that companies across the UK and Benelux reported a 30% rise in the number of cyberattacks they faced last year, compared to previous years.
Indeed, the National Cyber Security Centre (NCSC) recently reported an unprecedented 777 incidents over the last 12 months – up from 723 the previous year. High-profile attacks, such as the SolarWinds attack in 2020, have demonstrated how threat actors can target a vast number of organisations by breaching a single link in a supply chain.
Despite these threats, Kaspersky’s report – titled Supply Chain CyberSecurity – Potential Threats and Rising to the Challenge – found that both enterprises and SMEs are showing a worrying level of complacency when it comes to protecting the resilience of their supply chains. Even though almost three-quarters (72%) of companies state CyberSecurity threats are their number-one concern, only a third (33%) have the necessary internal resources and knowledge to respond to a CyberSecurity incident. And just 35% are certain they have taken every possible step to mitigate third-party risks in their organisation. The findings reveal that companies that deprioritised CyberSecurity did so in favour of other real-time challenges, such as HGV driver shortages and other logistical issues caused by the pandemic.
“At TT Club we are constantly assessing the risk profile of the global supply chain and alerting the industry to our concerns, hence our support of this unique report,” says TT Club’s Managing Director, Loss Prevention Mike Yarwood. “One should not underestimate cyber criminals. They are agile, focused and highly sophisticated, presenting a significant threat to businesses in the global supply chain. As we emerge from the COVID-19 pandemic, TT would encourage a re-evaluation of cyber risk policies and urge operators to satisfy themselves that sufficient resource is allocated to addressing this threat. Resilience in the face of cyber risk is critical.”
A supply chain attack targets an organisation by infiltrating or attacking a business that sits in its chain of suppliers. If one of these entities has weak CyberSecurity threat protection, or is skipping some specific cyber security hygiene protocols, it could become the entry point into a much wider network of suppliers. The risk can vary greatly and adds to the complexity of a company’s threat surface.
A vulnerability in one organisation can have a significant impact elsewhere in the supply chain, whether that’s via compromised personal identity or payment credentials. If a supply chain’s weak link is exploited, a business can be brought to its knees. Yet, Kaspersky’s report reveals that just a fifth (20%) of businesses have a third-party risk management solution in place and only 18% of companies have cyber/business resilience insurance.
Commenting on the findings, David Emm, principal security researcher at Kaspersky, stated: “The pandemic, Brexit and supply chain crisis have complicated the cyber threat landscape, making it crucial that organisations take steps to defend against evolving threats under new circumstances. Cyberattacks and data breaches can be highly injurious to any business in terms of damage to reputation, costs of remediation, lost business and other expenses. Companies must ensure they only share data with reliable third parties and extend their existing security requirements to suppliers. We urge businesses large and small to scrutinise their suppliers’ credentials as part of the standard due diligence and contracting process, or risk sleepwalking into a CyberSecurity disaster.”
About Kaspersky
Kaspersky is a global CyberSecurity and digital privacy company founded in 1997. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialised security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies, and we help 240,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.
About TT Club
TT Club is the established market-leading independent provider of mutual insurance and related risk management services to the international transport and logistics industry. TT Club’s primary objective is to help make the industry safer and more secure. Founded in 1968, the Club has more than 1100 Members, spanning container owners and operators, ports and terminals, and logistics companies, working across maritime, road, rail, and air. TT Club is renowned for its high-quality service, in-depth industry knowledge and enduring Member loyalty. It retains more than 93% of its Members with a third of its entire membership having chosen to insure with the Club for 20 years or more.
During November and December 2021, Arlington Research surveyed 240 C-suite, middle managers (director level and above) and senior managers who are also sole or joint decision makers for CyberSecurity, IT and information security, across both SMEs (businesses with an annual revenue of less than £/€100m) and enterprises (businesses with an annual revenue of more than £/€100m). 150 interviews were completed in the UK (split 100 SMEs and 50 enterprises) and 90 interviews were conducted across Benelux (split 75 SMEs and 15 enterprises).