Cybersecurity: What 2022 has in store for the supply chain


The end of the year lends itself to analyses and assessments of the past twelve months, in order to learn lessons and prepare for what comes next. In cybersecurity, 2021 saw digitization accelerate because of the pandemic, and cyber attacks along with it. More specifically, the supply chain attracted a significant volume of these malicious campaigns, because it is still too often ignored in cybersecurity strategies. Since 2022 will almost certainly put the global supply chain back in the spotlight, companies need to prepare now, because they will no longer be able to say they did not know.

Attacks on the supply chain will continue to grow

Faithful to the “island hopping” strategy, cybercriminals always target the weakest link in a company in order to work their way into its computer network. With 84% of companies not effectively containing the cyber risks of their third parties, according to a BCG report, the supply chain remains a key target for hackers.

With the pandemic, companies are accelerating their digital transformation in order to strengthen the visibility, agility and resilience of their business activities and to meet the needs of their customers. More critical data is shared every day across large global supply chains. All organizations are now connected, and any of them can therefore be the weak link in the chain.

As a result, malicious campaigns targeting the supply chain will increase in number. To protect themselves, businesses will have no choice but to strengthen the cybersecurity of their entire ecosystem, not just their own. This will require a holistic view of the cyber maturity of all the third parties with which they interact, as well as the ability to identify critical vendors and keep tabs on their security practices.

Health data will remain particularly targeted

In May 2021, the Ministry of Solidarity and Health decreed that cybersecurity in the health and medico-social field was a national priority. Indeed, this sector lags behind the attackers.

Digitization has indeed accelerated with the pandemic, driven in particular by the development of teleconsultation and remote treatments, and by vaccination appointments booked via online applications and platforms.

This expanded digital presence has increased the attack surface, and the trend should continue. That means many opportunities for cybercriminals to get their hands on health data, the sale of which is very lucrative on the dark web. Organizations in this sector must therefore ensure that all third parties with which they interact maintain a level of security that meets their requirements, so that they can cope with the threat landscape.

InfoSec, Purchasing and Codir will work together more

On the one hand, companies are gradually becoming aware of the cyberthreats that hang over their resources and their activity. On the other hand, everything suggests that massive attacks linked to the supply chain should once again make the headlines in 2022. Thus, according to Forrester, 60% of security incidents will be linked to third parties in 2022.

This is why companies can be expected to implement, or strengthen, third-party risk management. In addition, this will no longer be the sole responsibility of the teams dedicated to cybersecurity (InfoSec).

The management committee (Codir) as well as the purchasing department will want to take part in the conversation, due to increased awareness of cyber risks and of their financial and reputational repercussions. By working together, these decision-makers should place greater emphasis on cybersecurity and its integration into business processes.

Cyber attacks against the supply chain should therefore continue and even intensify in 2022. While some targets seem obvious, like the health sector, no one is immune to these campaigns. Awareness and a forced update of cybersecurity strategies therefore represent the only levers to face this threat and ensure that all links of the supply chain are satisfactorily secured. This is a collective effort because all organizations in an ecosystem are as vulnerable as their weakest link.




