The recent cyber-attacks and ransomware incidents have highlighted the need for a new approach to security of the supply chain network. While enterprise security does the job for large companies, there is a need to take a fresh look at the way security systems are deployed with the supply chain partners.

Quality Of Attacks Have Gone Up

Ransomware is a $6 billion enterprise, so there is a lot of financial motivation for these operators going.

While ransomware attacks in terms of numbers have gone down, what has replaced that is the quality of these attacks. These operators are adding different layers of extortion.

He stated that attacks in the past were only restricted to files getting encrypted or the systems getting disrupted, now the attacks are far more dangerous. Now after your data getting stolen, they are involving the media, or your employees or the people outside your organisation to pressurise you into paying for the stolen data.

Risk Of Attack in an Extended Work Environment

Global supply chains had become increasingly interconnected even before the pandemic and now even more so. Attackers infiltrate the third-party suppliers and exploit their trusted access to gain access to your environment. Once inside they can conduct all kinds of malicious activities. He claimed that in the past, assaults were limited to encrypting information or disrupting systems; however, today's threats are significantly more destructive. Now, once your data has been taken, they are using the media, your workers, or individuals outside your company to pressurise you into paying for the stolen data.

In An Extended Work Environment, there is a Risk of Attack

Much before the epidemic, global supply networks had been more intertwined, and they have become even more so now. Attackers acquire access to your environment by infiltrating third-party vendors and exploiting their trusted access. They may carry out a variety of harmful operations once inside.

The supply chain attacks have increased in the months of pandemic. It is trust verses security or restriction. I can only influence my business partners to follow certain business practices but can’t force them to do so.

Need For Building Zero Trust

In the wake of the pandemic and the rise in the cyber-attacks, most organisations have installed cyber security in their systems, it is not adequate to prevent advanced attacks. The employee may get a harmless link and when he clicks on that, it would seem nothing has happened. But it has opened a back door, through which the attacker enters the systems. He enters the other system and it's just a matter of time that the entire data falls to risk.

Solutions Need to Evolve All the Time

Service providers too are relooking at the entire gamut of the angel services which has led to connectivity and performance takes on a different connotation leading to an increase in the customer expectations.

(This is a slightly modified version of an article originally published in The Economic Times. The original article can be found at