Cyber Essentials Can Help Secure Supply Chains

14 Jan 2016

Cyber Essentials Can Help Secure Supply Chains

Large organisations supply chains are often long and stretch across multiple points. As a result an organisations cyber security is only as strong as the weakest member of the supply chain.

In the first week of the year, Time Warner Cable (TWC), the USA’s second largest cable provider announced that up to 320,000 of its customers may have had their passwords and email addresses compromised. The company only discovered the leak after it was notified by the FBI that some of its customers email addresses and passwords may have been compromised and put onto the Dark Web. The fact that it took the FBI to bring the issue to the company’s attention suggests that it was not breached directly. Instead, it appears as though the details were stolen via other methods.

 The most likely culprit is a phishing attack targeting TWC customers. This is likely to have been achieved through a fake customer service email sent to customers or via a fake website. Another possibility is that the credentials were gathered through malware installations or by breaching a subcontractor in a supply chain who had access to some TWC customer information. If this is the case, then it raises the issue of both the security of the organisations supply chain and phishing attacks.

The company said that it is sending emails and direct mail correspondence to encourage customers to update their email passwords as a precaution.

Supply Chains the Weak Link?

Determined hackers will take advantage of a supply chain by doing their research, and will learn what companies are in the supply chain of their primary target.  If determined they will go through every part of the supply chain to find a vulnerability that once found, they will exploit. Once they find a way in they can then spread malicious software throughout the entire chain.

Often due to their smaller size and budgets it will be the smaller organisations on the supply chain that will be the weakest link as their cyber security measures are unlikely to be as effective as larger ones.

A good way for SMEs to ensure that they take the matter of cyber security seriously is to obtain the Cyber Essentials accreditation. By doing so they will improve their reputation as a well defended supply chain partner and will be seen as a safer partner for larger organisations to work with. For more information on the scheme click here. You can find PGI’s Cyber Essentials Portal here

 For the latest PGI updates like our pages on LinkedIn – PGIPGI Cyber and Facebook – PGIPGI Cyber

Share this article


Your free global geopolitical
risk dashboard

PGI’s Risk Portal tool provides daily intelligence feeds, country threat assessments and analytical insights, enabling clients to track, understand and navigate geopolitical threats.

The Risk Portal gives users up-to-date information and analysis on global affairs.

The Risk Portal allows users to visualise information in a unique and instantly understandable way. Mapping filters enable the visualisation of incidents by threat category, time period, perpetrator and target type.

Risk Portal users can upgrade their accounts to include the Report Builder and Country Profile Generator features. The Report Builder allows users to select information, data and images from the Risk Portal and create bespoke reports and emails.

Subscribers to PGI’s Bespoke services receive tailored analysis on specific sectors and geographies of interest, delivered at a frequency they determine.

Visit the Risk Portal

Subscribe to our Cyber Bytes Newsletter

Keep yourself in the loop with PGI by signing up to our Monthly Cyber Bytes email. You will receive updates, tips and narrative around what has been happening in the world of information security.

Get in touch today

For more information on how we can help you or your business, please contact us via:

Related News

CISMP, CISSP and CISM - what's in an acronym?

20 Mar 2017

There is a wide range of different security courses available, and a mind-boggling array of certific...

Read news article

International Womens Day - Pioneering Women in Tec...

08 Mar 2017

Pioneering Women in Technology – Katherine JohnsonThe Oscar season has been and gone. The...

Read news article

Law Firms and why they need cyber security

06 Mar 2017

Suffering a data breach can be devastating for any company but for law firms the impacts can be part...

Read news article
Back to the News Hub

Follow us

+44 (0)207 887 2699
©2017 PGI - Protection Group International Ltd. All rights reserved.
PGI - Protection Group International Ltd is registered in England & Wales, reg. no. 07967865
Registered address: Cascades 1, 1190 Park Avenue, Aztec W, Almondsbury, Bristol BS32 4FP