What is 'Supply Chain Attack'

A supply chain attack is a cyberattack that attempts to inflict damage to a company by exploiting vulnerabilities in its supply chain network. A supply chain attack entails continuous network hacking or infiltration processes to gain access to a firm’s network. More than 60% of cyberattacks originate from the supply chain or from external parties exploiting security vulnerabilities within the supply chain, according to a 2016 survey by Accenture.

BREAKING DOWN 'Supply Chain Attack'

The supply chain network is a frequent targets for cyber crimes, as a weak link in the supply chain can grant the cyber criminals access to the larger organization in custody of the data sought after. Supply chain attacks expose a conundrum in a company’s supply network which discloses that an organization’s cyber security controls are only as strong as that of the weakest party on the chain.

The adoption of various forms of emergent technology has brought about an enormous amount of data in various forms. Through resources like the internet, cell phones, and cloud computing, companies can now electronically obtain data and share it with their partners and third party vendors. Entities like individuals, businesses, and governments believe that that relevant information that can be mined from the data set can be used to better improve their operations and processes, and thus, improve their customer engagement. But the exchange of data conducted among various companies brings with it a certain level of risk which entails cyber theft. Sophisticated cyber criminals also realize the importance of the data held by companies and device strategies to gain access to the sensitive data. 

The drive to minimize operational costs through technological progress brought about the need for a supply network. A company’s supply network usually consists of third party entities like manufacturers, suppliers, handlers, shippers, and purchasers all involved in the process of making products available to the end consumers. Because the target company may have a security system that may be impenetrable for even the sophisticated cyber criminals, supply chain attacks are carried out on the third party businesses on the chain who are deemed to have the weakest internal measures and processes in place. Once one member’s security protocols are found to be weak, the member’s vulnerabilities become the target company’s risk.

Examples of Supply Chain Attacks

There are several ways a supply chain can be attacked. Theft of a vendor’s credentials can lead to the infiltration of the companies affiliated with the vendor. For example, Target was the victim of a supply chain attack in 2013. Its security measures were breached when one of its third-party’s security credentials was compromised. The credentials typically included login, passwords, and network access to Target’s computer. The vendor’s questionable security practices allowed hackers to gain entry into Target’s system resulting in the theft of 70 million customers’ personally identifiable information. The aftermath of the breach led to the CEO’s resignation and enormous costs for the company which topped $200 million.

Another way a supply chain can be attacked is through malicious software, popularly known as malware. By embedding malware such as worms, viruses, spyware, Trojan horses, along with counterfeit components that modify the source codes of a manufacturer’s software, cyber attackers can gain entry into the target company’s files and steal its proprietary information.

  1. Cybersecurity

    Cybersecurity refers to the measures taken to keep electronic ...
  2. Supply Chain Management (SCM)

    Supply chain management is the management of the flow of goods ...
  3. Zero Day Attack

    Zero Day Attack is an attack that exploits a potentially serious ...
  4. Supply

    Supply is a fundamental economic concept that describes the total ...
  5. Chain Store Sales

    An indicator that provides information on the monthly sales volumes ...
  6. Data Breach

    A data breach is an unauthorized access and retrieval of sensitive ...
Related Articles
  1. Personal Finance

    Why You Should Consider A Career In Supply Chain Management

    Supply chain managers ensure that increasingly global companies can coordinate distant sources of materials, labor, and manufacturing to successfully bring products to market.
  2. Insights

    Top Cyber Security Risks for Financial Advisors

    Cyber crime is on the rise. Here's what advisory firms, big and small, need to be aware of and how to prepare.
  3. Tech

    Why Tech Giants Are Acquiring Cyber Security Companies (SNE, HACK)

    Explore the factors behind the rise and consolidation of the cyber security segment, and the reasons why tech companies are targeting these firms for acquisition.
  4. Tech

    SWIFT Attacks: Hackers Strike Again

    The recent SWIFT cyberattack has revealed connections to the earlier Bangladesh and Sony attacks.
  5. Tech

    Can Blockchain Make Medications Cheaper and Safer?

    Blockchain-driven innovation has the potential to change the entire pharma lifecycle, from development through to delivery.
  6. Investing

    New Cyber Attack Exploits Microsoft Bug, Generates Digital Currency

    Another cyber attack relying on a Microsoft bug is spreading around the globe at the same time the hacking group Shadow Brokers is warning of more pain to come.
  7. Tech

    Protect Your Small Business from Cybercrime

    Small business owners are a growing target for cyber-attacks; protect yourself and your clients.
  8. Investing

    Microsoft Brand 'Largely Unscathed' By WannaCry Attack: Report

    The WannaCry cyberattack that swept across the globe earlier in May, exploited a bug in unpatched Microsoft operating systems and it's time to assess whether it caused a dent in the company's ...
  9. Investing

    Android Phones Vulnerable to Wi-Fi Attacks: Report

    Cybersecurity experts say a new kind of attack lets hackers read Wi-Fi traffic, inject malware.
  10. Investing

    Cyber Security Threats to Move up the Agenda?

    A rise in government data breaches has fuelled speculation that companies with cyber security expertise will soon start to be rewarded by the DoD.
  1. What is the difference between a value chain and a supply chain?

    Learn the difference between a value chain and a supply chain, and why a company would want to maximize the value of both. Read Answer >>
  2. Value chain analysis: What are the advantages and disadvantages?

    Learn about the five activities that make up a generic value chain, and understand the advantages and disadvantages of value ... Read Answer >>
  3. Is demand or supply more important to the economy?

    Learn more about the impact of supply and demand in an economy. Find out why companies study supply and demand as part of ... Read Answer >>
  4. What are the primary activities of Michael Porter's value chain?

    Understand the primary activities of Michael Porter's value chain, and learn how a company can optimize those activities ... Read Answer >>
  5. How Does the Law of Supply and Demand Affect Prices?

    Learn how the law of supply and demand affects prices, as when one outweighs the other, prices can rise or fall in response. Read Answer >>
  6. What impact have terrorist attacks had on the insurance industry?

    Learn about the impact of terrorist attacks on the insurance industry and how the 9/11 terrorist attack led to important ... Read Answer >>
Hot Definitions
  1. Yield Curve

    A yield curve is a line that plots the interest rates, at a set point in time, of bonds having equal credit quality, but ...
  2. Portfolio

    A portfolio is a grouping of financial assets such as stocks, bonds and cash equivalents, also their mutual, exchange-traded ...
  3. Gross Profit

    Gross profit is the profit a company makes after deducting the costs of making and selling its products, or the costs of ...
  4. Diversification

    Diversification is the strategy of investing in a variety of securities in order to lower the risk involved with putting ...
  5. Intrinsic Value

    Intrinsic value is the perceived or calculated value of a company, including tangible and intangible factors, and may differ ...
  6. Current Assets

    Current assets is a balance sheet item that represents the value of all assets that can reasonably expected to be converted ...
Trading Center