Cyber Attackers Exploit ‘Power of the Network’ Too

I’ve written extensively about Supply Chain Operating Networks and “the power of the network.” Instead of companies creating hundreds or thousands of one-to-one connections with their trading partners, they can make a single connection to the network — where their existing partners, along with thousands of potential new ones, are already connected. This enables them to communicate, collaborate, and execute business processes in ways that are more efficient, scalable, and innovative.

Unfortunately, hackers understand the ‘power of the network’ too and are leveraging it to unleash cyber attacks.

According to a Financial Times article published last week titled “Hackers target supply chains’ weak links in growing threat to companies,” hackers are increasingly bypassing direct attacks on large companies and instead infiltrating their suppliers or service providers (including software providers) as a way to gain access. Here’s an excerpt from the article:

“If you ‘breach’ a supplier and it’s got access into many, many top-end organisations that are consuming their services or connected into them, you’re getting a many for one return on investment,” said Tim Erridge, vice-president of Europe, the Middle East and Africa at Unit 42 at Palo Alto Networks.

About 30 per cent of 7,965 cyber attacks in 2024 originated via a third party, double the amount from a year earlier, according to Verizon’s 2025 Data Breach Investigations Report. In 2023, these types of hacks represented 14.9 per cent of 7,268 cyber attacks.

Translation: If you’re a cybercriminal and gain access to a supplier, carrier, or logistics service provider connected to hundreds — or even thousands — of companies through a Supply Chain Operating Network, you can exploit “the power of the network” to infiltrate all of those companies through a single connection.

We’ve already seen cases of supply chain software providers getting hacked, causing costly disruptions for their customers (see “Blue Yonder Cyberattack: How Prepared Are You If Your TMS or WMS Goes Down?”). Unfortunately, a hacker who infiltrates a Supply Chain Operating Network could launch attacks that are “more efficient, scalable, and innovative” than ever before — the power of the network turned from a force for good into a weapon for harm.

In a July 2024 survey, we asked members of our Indago supply chain research community, “How important are cybersecurity considerations when evaluating and selecting supply chain software applications and vendors?” More than two-thirds of the respondents (68%) said that cybersecurity considerations are either “Very Important” (40%) or “Important” (28%) when evaluating/selecting supply chain software and vendors.

Source: July 2024 Indago survey of 25 qualified and verified supply chain and logistics executives from manufacturing, retail, and distribution companies.

Sixty-eight percent is a relatively high number — but when it comes to selecting a Supply Chain Operating Network provider, it really should be 100%.

As the saying goes, it’s not a question of if you’ll be the victim of a cyberattack, but when. That’s why it’s critical to take action now: to reduce the risk of being hacked — whether directly or through an external trading partner — and to limit the scope and duration of an attack when it inevitably occurs.
