Cyber Essentials Can Help Secure Supply Chains


14 Jan 2016

Cyber Essentials Can Help Secure Supply Chains

Large organisations supply chains are often long and stretch across multiple points. As a result an organisations cyber security is only as strong as the weakest member of the supply chain.

In the first week of the year, Time Warner Cable (TWC), the USA’s second largest cable provider announced that up to 320,000 of its customers may have had their passwords and email addresses compromised. The company only discovered the leak after it was notified by the FBI that some of its customers email addresses and passwords may have been compromised and put onto the Dark Web. The fact that it took the FBI to bring the issue to the company’s attention suggests that it was not breached directly. Instead, it appears as though the details were stolen via other methods.

 The most likely culprit is a phishing attack targeting TWC customers. This is likely to have been achieved through a fake customer service email sent to customers or via a fake website. Another possibility is that the credentials were gathered through malware installations or by breaching a subcontractor in a supply chain who had access to some TWC customer information. If this is the case, then it raises the issue of both the security of the organisations supply chain and phishing attacks.

The company said that it is sending emails and direct mail correspondence to encourage customers to update their email passwords as a precaution.

Supply Chains the Weak Link?

Determined hackers will take advantage of a supply chain by doing their research, and will learn what companies are in the supply chain of their primary target.  If determined they will go through every part of the supply chain to find a vulnerability that once found, they will exploit. Once they find a way in they can then spread malicious software throughout the entire chain.

Often due to their smaller size and budgets it will be the smaller organisations on the supply chain that will be the weakest link as their cyber security measures are unlikely to be as effective as larger ones.

A good way for SMEs to ensure that they take the matter of cyber security seriously is to obtain the Cyber Essentials accreditation. By doing so they will improve their reputation as a well defended supply chain partner and will be seen as a safer partner for larger organisations to work with. For more information on the scheme click here. You can find PGI’s Cyber Essentials Portal here

 For the latest PGI updates like our pages on LinkedIn – PGIPGI Cyber and Facebook – PGIPGI Cyber

Share this article

Contact us

Call us now to discuss your requirements with one of our consultants.

Contact us today

Related News

CISMP, CISSP and CISM - what's in an acronym?

20 Mar 2017

There is a wide range of different security courses available, and a mind-boggling array of...

Watch Video

International Womens Day - Pioneering Women in Tec...

08 Mar 2017

Pioneering Women in Technology – Katherine JohnsonThe Oscar season has been and...

Watch Video

Law Firms and why they need cyber security

06 Mar 2017

Suffering a data breach can be devastating for any company but for law firms the impacts can be...

Watch Video
Back to the News Hub

Follow us

+44 (0)207 887 2699
©2017 PGI - Protection Group International Ltd. All rights reserved.
PGI - Protection Group International Ltd is registered in England & Wales, reg. no. 07967865
Registered address: Cascades 1, 1190 Park Avenue, Aztec W, Almondsbury, Bristol BS32 4FP