Mitigating supply chain vulnerabilities


The recent arrests of four suspects linked to cyber attacks on major UK retailers like Marks and Spencer, Co-op and Harrods serve as a stark reminder of how vulnerable today’s supply chains truly are.

These attacks, which caused massive disruption earlier this year and reportedly cost M&S alone around £300 million in damages, highlight a disturbing trend in the cybersecurity landscape. Threat actors are no longer simply going after individual organizations.

They are targeting interconnected networks, exploiting trust within supply chains and leveraging the weakest link to gain access to critical systems.

Dan Schiappa

President of Technology and Services at Arctic Wolf.

These kinds of attacks have become increasingly common, not solely because of the rapid technological advancement of threat actors’ tools, but because, put simply, they work.

When an attacker compromises a third-party vendor, whether that third party is a Fortune 500 company or a small supplier, they can often bypass the traditional defenses of their actual target by using legitimate credentials or disguising their activity as that of a trusted entity.

Once inside the digital environment of their actual target, they move laterally, deploying ransomware or exfiltrating sensitive data before an in-house IT or security team realizes what’s happening.

The evolving threat landscape

In the case of the attacks on UK retailers, authorities believe a group associated with the Scattered Spider cyber gang was behind the attacks. They used impersonation and social engineering to breach third-party systems, eventually gaining access to the larger supermarket networks.

This approach, which exploits human trust and organizational blind spots, is not new, and in fact has been made immeasurably easier by advances in generative AI, which let criminals send their targets fake audio, visual and text messages with near-perfect accuracy.

The scale and success rate of these attacks have forced a necessary reckoning across the cybersecurity community.

To defend against these threats, businesses must rethink how they manage cybersecurity across the entire supply chain. It is no longer enough to secure your own perimeter.

You must also understand and help enforce security standards for every vendor, supplier and partner you work with, and constantly re-evaluate those standards.

Extending cybersecurity to third parties

A recent report found that more than 62% of initial cybersecurity deployments revealed one or more latent threats (a hidden or dormant risk within an environment that hadn’t been detected by the organization's existing security measures). It’s time for leadership to understand that thoroughly vetting your vendors before giving them access to internal systems is absolutely essential.

This should include reviewing their security practices, ensuring they conduct regular assessments, establishing a clear incident response plan and actively promoting a culture of security awareness.

Beyond these measures, businesses need to apply strict limitations to what vendors can access, utilizing a least-privilege approach and a zero-trust model, giving vendors access only to the systems and data they need for their work and nothing more.

It is also essential to establish baseline cybersecurity standards for all third parties. These should include data encryption practices, access controls, patch management procedures and multi-factor authentication. These measures form the foundation of a resilient ecosystem and ensure consistency in how threats are mitigated.

Visibility and monitoring are also two critical pieces of the puzzle. Many organizations have limited insight into their environments, especially when it comes to vendor-connected assets.

That lack of visibility allows threats to linger undetected. To address this, organizations should create and maintain an accurate inventory of all assets, including those accessed by external parties, and establish 24x7 monitoring of logs, endpoints and user behavior to detect deviations from normal activity.

Establishing a baseline of what "normal" looks like is key to identifying early warning signs of compromise. When a threat actor attempts to move laterally or access something unusual, those changes stand out more clearly against a well-understood baseline.
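The baseline idea described above, as an added example that is not part of the original article: vendor access events are checked first against an approved-asset inventory (least privilege) and then against the asset and hour pattern learned from earlier activity. The log format, account names, asset names and the APPROVED mapping are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample records (not real logs): timestamp, vendor account, asset, action
BASELINE_LOG = """\
2025-07-01T09:02:11Z vendor-hvac bms-gateway login
2025-07-02T10:01:03Z vendor-hvac bms-gateway read
2025-07-03T14:22:10Z vendor-pay pos-api write
"""
NEW_LOG = """\
2025-07-08T09:03:00Z vendor-hvac bms-gateway login
2025-07-08T02:14:09Z vendor-hvac bms-gateway login
2025-07-08T02:16:30Z vendor-hvac file-server-01 login
2025-07-08T14:21:00Z vendor-pay pos-api write
2025-07-08T15:00:00Z vendor-temp pos-api login
"""
# Assumed inventory: the assets each vendor account is approved to reach
APPROVED = {"vendor-hvac": {"bms-gateway"}, "vendor-pay": {"pos-api"}}

def parse(log_text):
    """Yield (timestamp, account, asset, action), skipping malformed lines."""
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) == 4:
            yield tuple(fields)

def build_baseline(log_text):
    """Map each account to the (asset, UTC hour) pairs seen in normal activity."""
    baseline = defaultdict(set)
    for ts, account, asset, _ in parse(log_text):
        baseline[account].add((asset, int(ts[11:13])))
    return baseline

def find_deviations(baseline, log_text, approved=APPROVED):
    """Return (timestamp, account, asset, reason) for each out-of-pattern event."""
    alerts = []
    for ts, account, asset, _ in parse(log_text):
        if account not in approved:
            reason = "account not in vendor inventory"
        elif asset not in approved[account]:
            reason = "asset outside approved scope"
        elif (asset, int(ts[11:13])) not in baseline.get(account, set()):
            reason = "asset or hour not in baseline"
        else:
            continue
        alerts.append((ts, account, asset, reason))
    return alerts

if __name__ == "__main__":
    print(*find_deviations(build_baseline(BASELINE_LOG), NEW_LOG), sep="\n")
```

The inventory check catches access that should never be possible, while the baseline check catches approved access that happens in an unfamiliar pattern, such as the 02:14 login to an otherwise permitted asset.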

Securing the entire ecosystem

Now is the time to take action. Begin by reviewing your current supply chain security posture. Identify where access is granted, what controls are in place and where gaps may exist.

Strengthen vendor agreements to include security expectations. Implement zero-trust and least-privilege models. Improve monitoring, both across your own environment and in coordination with key partners.

Cybersecurity is no longer a single-organization challenge. It is an ecosystem issue. And securing that ecosystem requires shared accountability, visibility, and vigilance at every level.


This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro
