EXECUTIVE SUMMARY:

In 2024, supply chain security must become a top priority. Public agencies and industry experts agree that the supply chain needs to command greater attention. Organizations need to remain cognizant of consequences surrounding supply chain security failures.

“We need to figure out how to make the supply chain more secure and make sure people know about the risks involved,” says Check Point expert Augusto Morales.

Supply chain security

An increase in the number and sophistication of supply chain attacks renders this issue a challenge for organizations to keep up with. The hype around AI and ML also plays a part.

“My prediction for 2024 is that high impact, sophisticated attacks will hide behind the themes of AI/ML and create larger data breaches much like MOVEit and other supply chain attacks,” says Mark Ostrowski, Head of Engineering U.S., East for Check Point.

In 2024, we may also see cyber criminals weaponize zero-day vulnerabilities and emails in order to launch sophisticated supply chain attacks.

Critical infrastructure impact

As noted earlier, the impact of supply chain attacks can be extensive, engendering far-reaching consequences.

If critical infrastructure is disrupted, a nation’s citizens may be unable to work, attend school, or on a more basic level, obtain the resources that are essential to survival.

Now the poster child of critical infrastructure attacks and supply chain fallout, the infamous Colonial Pipeline attack of 2021 resulted in mass-panic around energy resources, placing businesses and individuals in harm’s way.

At the end of the day, the incident reinforced the need to proactively address supply chain security. Supply chain attacks that disrupt critical infrastructure ultimately pose threats to national security, rendering a nation vulnerable to a wide array of cyber and physical hostilities.

Supply chain and NIS2

In the European Union, the Network and Information Security Directive (NIS2), which takes effect in October of 2024, includes provisions pertaining to supply chain security.

Individual companies are required to address the security of supply chains and supplier relationships. EU member states will be able to carry out coordinated risk assessments of critical supply chains, meaning that much will be subject to serious scrutiny.

With new legal frameworks coming into place, it’s never been more important for companies to prioritize cyber security in their supply chains.

U.S. Executive Order

In response to the escalating volume of threats, the Biden-Harris administration has issued an executive order mandating the improvement of the software supply chain. The executive order calls for the adoption of security best practices that will help build “trust and transparency” in the systems that power our lives.

Recommendations

Recent breaches highlight the critical importance of stronger security protocols within the supply chain. Protect your systems from supply chain attacks with these tips:

• Leverage vendor-risk assessments in order to ensure that third-party ecosystems are as secure and protected as possible.
• Encourage your third-party partners to adopt robust threat intelligence systems, which can provide real-time updates into threat actors’ activities.
• Implement the principle of least privilege and in so doing, assign all employees and software only the permissions required to perform task functions.
• Segment your network, as even the most trusted of third-parties and partner organizations do not need unfettered access to every element of your network.
• Automate certain processes, including threat prevention and threat hunting, to ensure accurate and efficient results that can be used to identify the threats stemming from vendors, suppliers or ecosystem partners.

“As cyber criminals target smaller downline suppliers in order to access bigger companies, organizations must demand stricter evaluations and implementation of security protocols to prevent further attacks,” says one security expert.

Supply chain security management isn’t easy, especially when it requires new modes of operation, new investments and new collaborations. But despite the challenges, within your digital ecosystem, commit to continuous supply chain security improvement and help build a safer world in 2024.