Thursday 29th July 2021

BLOG: The Importance of Supply Chain Risk Management

With the recent controversy surrounding the huge supply chain attack on IT provider Kaseya, which was contrived by the infamous ransomware group REvil, there has been an increased focus and interest on chain risk management. Several hundred organisations were targeted by the REvil/Sodinokibi ransomware group in a supply chain attack involving Kaseya VSA software and multiple Managed Service Providers (MSPs) who use it. It is believed that this attack may have been planned and calculated to overlap with the US 4th of July holiday weekend, as numerous organisations could have been lightly staffed during this period.

A supply chain attack occurs when a system is infiltrated by an unknown individual or a provider with access to systems and data. Due to the ever-expanding cyber threat landscape, the risks associated with supply chain attacks have never been higher. Attackers have more resources and tools at their disposal than ever before. Supply chain risk management is the process of identifying, evaluating, and mitigating the risks associated with the supplied, issued and interconnected nature of a type of service’s supply chain.

The entire cycle of a system has to be monitored consistently and closely because of potential supply chain threats and vulnerabilities that can put organisations and individuals at risk, whether intentionally or unintentionally. Supply chains have always existed but previously, supply chain management was somewhat of a straightforward and linear process that was managed; however, today’s supply chain is no longer a linear entity and is rather an intricate compilation of different and sometimes contrasting networks.

The Kaseya supply chain attack was an example of the true extent that supply chain risk attacks have on organisations, initially, Kaseya stated that the incident affected only a small number of on-premises customers, but it was later revealed that a much larger number of companies were caught in the outcome of the attack.

Effective supply chain risk management improves and enhances the financial position of an organisation and can also increase customer satisfaction through the delivery of products and services. Contact us to understand how Orpheus Cyber can help with third party supply chain risk management.

Get our latest cyber intelligence insights straight into your inbox

Fill out the short form below to subscribe to our newsletter so that you never miss out on our cyber intelligence insights and news.