What is a supply chain attack?

A supply chain attack, also called a value-chain or third-party attack, occurs when someone infiltrates your system through an outside partner or provider with access to your systems and data. This has dramatically changed the attack surface of the typical enterprise in the past few years, with more suppliers and service providers touching sensitive data than ever before.

The risks associated with a supply chain attack have never been higher, due to new types of attacks, growing public awareness of the threats, and increased oversight from regulators. Meanwhile, attackers have more resources and tools at their disposal than ever before, creating a perfect storm. The recent SolarWinds attack is a prime example.

Supply chain attacks are one of the leading cybersecurity threats that CEOs, IT managers, and data security officers have to face.

Enterprises spend money to insure against risk; the same is not true for a large number of SMEs. A supply chain frequently constitutes a significant risk to cybersecurity. Business partners will have privileged access to systems, but lower information and data security standards, and they lack training on the importance of handling sensitive information carefully.

A contract is not enough: even though the legal responsibility for a breach sits with the supply chain, there is no guarantee an SME within the supply chain will appreciate the magnitude of cyber risk and manage it accordingly.

Any questions… feel free to reach out to me via dan@rhyno.io or in a comment below.


Dan Duran – CTO – Rhyno Cybersecurity

About Rhyno Cybersecurity

Here at Rhyno, we work seamlessly with company leaders and their staff, helping to bridge internal divides that can weaken an organization’s security framework.