Technology Record - Issue 23: Winter 21/22

www.technologyrecord.com

VIEWPOINT

“By targeting a weak point in a supply chain, a cyberattack may be more likely to succeed”

Supply chain data hacks rose 42 per cent in the first quarter of 2021, according to new analysis from the Identity Theft Resource Center. However, most attacks go unreported, especially when it comes to ransomware.

Why is retail a significant target? A lot of this is due to the significant chaos that has engulfed many physical retailers with an online presence that exploded during the pandemic. However, it also goes back further to a time when digital retail changed the purchasing pattern for consumers. Many retail organisations with multiple outlets and branches have been forced to constrict those operations due to a lack of IT in-field resources, putting even more pressure on their digital properties.

But retail has a far more challenging issue, and that is the supply chain. Several factors have stressed supply chains over the past 18 months, including Covid-19, trade wars and goods shortages. To make things worse, few, if any, supply chains are ‘single-country’, so a lot of the components that go into making goods come from other countries, often on other continents. The logistics of this alone is a considerable burden.

Cyberattacks focus on the weaker links in an organisation’s supply chain. Since the supply chain encompasses everything from the delivery of materials from the supplier to the manufacturer, all the way through to the delivery of the product to the end user, it’s a diffuse network of everything and everyone involved in the creation and sale of that product.

When supply chains get disrupted, attempts to fix the disruptions put even more pressure on the weakest link. If the primary supplier of a manufacturer providing goods for a major retailer has a shortage of materials, the manufacturer will look to other suppliers to keep the chain going.
Often, the new supplier is vetted quickly – and sometimes not at all. This creates a weak point in the supply chain.

Attackers take advantage of the trust that organisations may have in third-party vendors and target this weak point in the supply chain. The objective is to use the weak link as an entry point because supply chain attacks are a type of island-hopping attack – hackers are ultimately after the retailer.

Supply chain attacks are difficult to detect, as they rely on software that has already been trusted and can be widely distributed. In addition, there is not one dedicated part of an organisation that manages third-party vendors, so risks will get pushed from one team to another.

There is a caveat, however, and that is something called client-side protection. This new form of cybersecurity aims to catch these attacks as they move laterally through the chain and stop them before they compromise the intended victim. So, what is client-side protection? In

Protecting retail supply chains

CHRIS HILL: BARRACUDA

Due to the chaos of the pandemic and their globally distributed nature, retail supply chains have become a major target of criminals. Companies must look to new forms of security to deter attacks