{"id":32437,"date":"2026-06-04T09:30:00","date_gmt":"2026-06-04T08:30:00","guid":{"rendered":"https:\/\/www.engineernewsnetwork.com\/blog\/?p=32437"},"modified":"2026-06-04T10:50:52","modified_gmt":"2026-06-04T09:50:52","slug":"cyber-attacks-via-supply-chain-entirely-avoidable-says-cybersecurity-expert","status":"publish","type":"post","link":"https:\/\/www.engineernewsnetwork.com\/blog\/cyber-attacks-via-supply-chain-entirely-avoidable-says-cybersecurity-expert\/","title":{"rendered":"Cyber-attacks via supply chain\u00a0entirely avoidable, says\u00a0cybersecurity\u00a0expert"},"content":{"rendered":"\n<p>The UK government&#8217;s\u00a02026\u00a0cybersecurity\u00a0<a href=\"https:\/\/www.gov.uk\/government\/statistics\/cyber-security-breaches-survey-20252026\/cyber-security-breaches-survey-20252026\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>survey<\/strong><\/a>\u00a0highlights\u00a0the gap between supply chain\u00a0vulnerabilities\u00a0and the level of preventative measures taken by medium and large firms.<\/p>\n\n\n\n<p>The survey reports that only 15% of companies review immediate suppliers&#8217; cyber risks, and&nbsp;just&nbsp;6% review wider supply chain cyber risks.<\/p>\n\n\n\n<p>Yet all evidence points to the supply chain being a focal point for&nbsp;cyber-attacks, as highlighted by last year&#8217;s&nbsp;attack on&nbsp;Jaguar Land Rover, which&nbsp;halted&nbsp;production for several weeks&nbsp;and resulted in a direct cost to the company of almost \u00a3200 million, and cost&nbsp;an estimated \u00a32 billion to the wider UK economy.<\/p>\n\n\n\n<p>Cybersecurity\u00a0expert Ben Large,\u00a0Head of Cyber\u00a0at\u00a0one of the country&#8217;s leading\u00a0technology solutions\u00a0firms,\u00a0<a href=\"https:\/\/cybit.com\/\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Cybit<\/strong><\/a>, commented: &#8220;It&#8217;s no longer enough to\u00a0keep\u00a0just\u00a0your own systems and networks secure. Most organisations rely on\u00a0connections to\u00a0their supply chains,\u00a0so\u00a0strict access controls\u00a0and\u00a0continuous monitoring\u00a0are now essential.<\/p>\n\n\n\n<p>&#8220;Despite three quarters of UK businesses having basic&nbsp;cyber security provision&nbsp;such as password policies, restricted admin rights,&nbsp;and firewalls, the vast majority&nbsp;are&nbsp;neglecting to consider the risks for business continuity when it comes to their supply chain.<\/p>\n\n\n\n<p>&#8220;This leaves them&nbsp;not only vulnerable to an attack&nbsp;themselves but&nbsp;also risking&nbsp;business continuity if there is an attack on suppliers, putting a question mark over their whole supply chain resilience.<\/p>\n\n\n\n<p>&#8220;Although&nbsp;cyber security is seen as an IT challenge, this makes&nbsp;it&nbsp;a risk factor across the whole business,&nbsp;requiring planning and buy in from a much wider range of departments.&#8221;<\/p>\n\n\n\n<p>Recent&nbsp;high-profile&nbsp;attacks through their supply chain network also include&nbsp;Marks &amp; Spencer and the Co-op&nbsp;who&nbsp;suffered&nbsp;highly disruptive&nbsp;attacks&nbsp;that were traced to&nbsp;a shared third-party vendor.<\/p>\n\n\n\n<p>The result of these saw&nbsp;Marks &amp; Spencer&nbsp;take&nbsp;a&nbsp;\u00a3300 million&nbsp;profit&nbsp;hit,&nbsp;while&nbsp;the&nbsp;Co-op&nbsp;took a&nbsp;hit&nbsp;of&nbsp;\u00a3206&nbsp;million&nbsp;in lost&nbsp;sales, and&nbsp;\u00a3120 million&nbsp;in&nbsp;lost&nbsp;profits<strong>.<\/strong><\/p>\n\n\n\n<p>However, there are actions businesses can take to ensure they are mitigating against either a direct&nbsp;cyber-attack&nbsp;through their supply chain, or disruption due to a&nbsp;cyber-attack&nbsp;within&nbsp;it.<\/p>\n\n\n\n<p>Ben Large explains; &#8220;A good starting point would be to mandate that all&nbsp;third parties&nbsp;achieve a minimum recognised certification, such as the government&#8217;s Cyber Essentials. This ensures that every supplier has considered, and put in place, measures to protect their business from a cyber-attack.<\/p>\n\n\n\n<p>&#8220;Undertaking a risk assessment across your supply chain to assess continuity issues and contingencies can also ensure the impact of an attack on your business&nbsp;will be&nbsp;minimised.&#8221;<\/p>\n\n\n\n<p>The use of Multi-Factor Authentication (MFA) is highly recommended where third parties&nbsp;have&nbsp;access&nbsp;to&nbsp;a company&#8217;s systems, and GCHQ recently recommended companies should replace passwords with passkeys, which are resistant to phishing as they cannot be intercepted,&nbsp;for user-authentication.<\/p>\n\n\n\n<p>Ben Large continued;&nbsp;&#8220;There are&nbsp;now&nbsp;AI&nbsp;tools emerging that can&nbsp;analyse deep into&nbsp;supply chains&nbsp;connections and networks,&nbsp;so&nbsp;a third-party risk management strategy must be&nbsp;put in place that considers&nbsp;every&nbsp;possible entry point to the company&#8217;s systems and data.<\/p>\n\n\n\n<p>&#8220;These&nbsp;tools go far beyond current&nbsp;antivirus&nbsp;solutions, which&nbsp;rely primarily on identifying threats based on known&nbsp;virus&nbsp;signatures.<\/p>\n\n\n\n<p>&#8220;Endpoint Detection and Response provides&nbsp;continuous monitoring and analysis of endpoint activities, but&nbsp;they rely on agents installed on owned systems so may&nbsp;not&nbsp;be suitable for securing third-party networks and systems.<\/p>\n\n\n\n<p>&#8220;However, Extended Detection and Response goes beyond&nbsp;this&nbsp;by integrating data from cloud environments, network firewalls, and email gateways, opening up the possibility of extending security boundaries.&#8221;<\/p>\n\n\n\n<p>Ben Large&nbsp;adds that&nbsp;Managed Detection and Response&nbsp;(MDR)&nbsp;currently&nbsp;offers the most complete solution, noting; &#8220;MDR&nbsp;deals&nbsp;with a broader range of cybersecurity challenges, incorporating behavioural analysis and&nbsp;real-time&nbsp;intervention.<\/p>\n\n\n\n<p>&#8220;When combined with advanced AI, MDR identifies and deals with risks associated with privilege abuse, account takeovers, and insider threats.&#8221;<\/p>\n\n\n\n<p>The risk of a cyber-attack&nbsp;is real.&nbsp;Overall,&nbsp;43%&nbsp;of businesses&nbsp;(about 612,000)&nbsp;and&nbsp;28%&nbsp;of charities&nbsp;(about 57,000)&nbsp;reported having experienced any kind of cyber security breach or attack in the last 12 months, which is&nbsp;on par with the previous&nbsp;year.<\/p>\n\n\n\n<p>But when&nbsp;you&nbsp;add into the mix the impact of a cyber-attack&nbsp;within your supply chain&nbsp;then&nbsp;the chance of&nbsp;that&nbsp;affecting your business in the next 12 months is significantly higher.<\/p>\n\n\n\n<p>Ben Large concludes; &#8220;Based on&nbsp;this&nbsp;survey, and what we are hearing from our&nbsp;clients, there&nbsp;is&nbsp;a growing need to take a more holistic&nbsp;approach&nbsp;to cyber security, engaging c-suite and logistics departments&nbsp;to ensure&nbsp;supply chain threats are understood and acted upon.<\/p>\n\n\n\n<p>&#8220;Business owners&nbsp;also&nbsp;need to know that it is a legal requirement to report a breach to the Information&nbsp;Commissioner&#8217;s&nbsp;Office, when for&nbsp;example, personal data has been stolen.&#8221;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The UK government&#8217;s\u00a02026\u00a0cybersecurity\u00a0survey\u00a0highlights\u00a0the gap between supply chain\u00a0vulnerabilities\u00a0and the level of preventative measures taken by medium and large firms. The survey reports that only 15% of companies review immediate suppliers&#8217; cyber risks, and&nbsp;just&nbsp;6% review wider supply chain cyber risks. Yet all evidence points to the supply chain being a focal point for&nbsp;cyber-attacks, as highlighted by last &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[199],"tags":[5305,14972,1730],"class_list":["post-32437","post","type-post","status-publish","format-standard","","category-news-views-and-opinion","tag-cybersecurity","tag-cybit","tag-supply-chain"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.4 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Cyber-attacks via supply chain\u00a0entirely avoidable, says\u00a0cybersecurity\u00a0expert - Engineer News Network<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.engineernewsnetwork.com\/blog\/cyber-attacks-via-supply-chain-entirely-avoidable-says-cybersecurity-expert\/\" \/>\n<meta property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Cyber-attacks via supply chain\u00a0entirely avoidable, says\u00a0cybersecurity\u00a0expert - Engineer News Network\" \/>\n<meta property=\"og:description\" content=\"The UK government&#8217;s\u00a02026\u00a0cybersecurity\u00a0survey\u00a0highlights\u00a0the gap between supply chain\u00a0vulnerabilities\u00a0and the level of preventative measures taken by medium and large firms. The survey reports that only 15% of companies review immediate suppliers&#8217; cyber risks, and&nbsp;just&nbsp;6% review wider supply chain cyber risks. Yet all evidence points to the supply chain being a focal point for&nbsp;cyber-attacks, as highlighted by last &hellip;\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.engineernewsnetwork.com\/blog\/cyber-attacks-via-supply-chain-entirely-avoidable-says-cybersecurity-expert\/\" \/>\n<meta property=\"og:site_name\" content=\"Engineer News Network\" \/>\n<meta property=\"article:published_time\" content=\"2026-06-04T08:30:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-06-04T09:50:52+00:00\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Estimated reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.engineernewsnetwork.com\\\/blog\\\/cyber-attacks-via-supply-chain-entirely-avoidable-says-cybersecurity-expert\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.engineernewsnetwork.com\\\/blog\\\/cyber-attacks-via-supply-chain-entirely-avoidable-says-cybersecurity-expert\\\/\"},\"author\":{\"name\":\"admin\",\"@id\":\"https:\\\/\\\/www.engineernewsnetwork.com\\\/blog\\\/#\\\/schema\\\/person\\\/4477342aea8e299c6a21761e513ea8e1\"},\"headline\":\"Cyber-attacks via supply chain\u00a0entirely avoidable, says\u00a0cybersecurity\u00a0expert\",\"datePublished\":\"2026-06-04T08:30:00+00:00\",\"dateModified\":\"2026-06-04T09:50:52+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.engineernewsnetwork.com\\\/blog\\\/cyber-attacks-via-supply-chain-entirely-avoidable-says-cybersecurity-expert\\\/\"},\"wordCount\":901,\"keywords\":[\"cybersecurity\",\"Cybit\",\"Supply Chain\"],\"articleSection\":[\"News, Views and Opinion\"],\"inLanguage\":\"en-GB\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.engineernewsnetwork.com\\\/blog\\\/cyber-attacks-via-supply-chain-entirely-avoidable-says-cybersecurity-expert\\\/\",\"url\":\"https:\\\/\\\/www.engineernewsnetwork.com\\\/blog\\\/cyber-attacks-via-supply-chain-entirely-avoidable-says-cybersecurity-expert\\\/\",\"name\":\"Cyber-attacks via supply chain\u00a0entirely avoidable, says\u00a0cybersecurity\u00a0expert - Engineer News Network\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.engineernewsnetwork.com\\\/blog\\\/#website\"},\"datePublished\":\"2026-06-04T08:30:00+00:00\",\"dateModified\":\"2026-06-04T09:50:52+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/www.engineernewsnetwork.com\\\/blog\\\/#\\\/schema\\\/person\\\/4477342aea8e299c6a21761e513ea8e1\"},\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.engineernewsnetwork.com\\\/blog\\\/cyber-attacks-via-supply-chain-entirely-avoidable-says-cybersecurity-expert\\\/#breadcrumb\"},\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.engineernewsnetwork.com\\\/blog\\\/cyber-attacks-via-supply-chain-entirely-avoidable-says-cybersecurity-expert\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.engineernewsnetwork.com\\\/blog\\\/cyber-attacks-via-supply-chain-entirely-avoidable-says-cybersecurity-expert\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.engineernewsnetwork.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Cyber-attacks via supply chain\u00a0entirely avoidable, says\u00a0cybersecurity\u00a0expert\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.engineernewsnetwork.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.engineernewsnetwork.com\\\/blog\\\/\",\"name\":\"Engineer News Network\",\"description\":\"The ultimate online news and information resource for today's engineer\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.engineernewsnetwork.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-GB\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.engineernewsnetwork.com\\\/blog\\\/#\\\/schema\\\/person\\\/4477342aea8e299c6a21761e513ea8e1\",\"name\":\"admin\",\"url\":\"https:\\\/\\\/www.engineernewsnetwork.com\\\/blog\\\/author\\\/admin\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Cyber-attacks via supply chain\u00a0entirely avoidable, says\u00a0cybersecurity\u00a0expert - Engineer News Network","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.engineernewsnetwork.com\/blog\/cyber-attacks-via-supply-chain-entirely-avoidable-says-cybersecurity-expert\/","og_locale":"en_GB","og_type":"article","og_title":"Cyber-attacks via supply chain\u00a0entirely avoidable, says\u00a0cybersecurity\u00a0expert - Engineer News Network","og_description":"The UK government&#8217;s\u00a02026\u00a0cybersecurity\u00a0survey\u00a0highlights\u00a0the gap between supply chain\u00a0vulnerabilities\u00a0and the level of preventative measures taken by medium and large firms. The survey reports that only 15% of companies review immediate suppliers&#8217; cyber risks, and&nbsp;just&nbsp;6% review wider supply chain cyber risks. Yet all evidence points to the supply chain being a focal point for&nbsp;cyber-attacks, as highlighted by last &hellip;","og_url":"https:\/\/www.engineernewsnetwork.com\/blog\/cyber-attacks-via-supply-chain-entirely-avoidable-says-cybersecurity-expert\/","og_site_name":"Engineer News Network","article_published_time":"2026-06-04T08:30:00+00:00","article_modified_time":"2026-06-04T09:50:52+00:00","author":"admin","twitter_card":"summary_large_image","twitter_misc":{"Written by":"admin","Estimated reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.engineernewsnetwork.com\/blog\/cyber-attacks-via-supply-chain-entirely-avoidable-says-cybersecurity-expert\/#article","isPartOf":{"@id":"https:\/\/www.engineernewsnetwork.com\/blog\/cyber-attacks-via-supply-chain-entirely-avoidable-says-cybersecurity-expert\/"},"author":{"name":"admin","@id":"https:\/\/www.engineernewsnetwork.com\/blog\/#\/schema\/person\/4477342aea8e299c6a21761e513ea8e1"},"headline":"Cyber-attacks via supply chain\u00a0entirely avoidable, says\u00a0cybersecurity\u00a0expert","datePublished":"2026-06-04T08:30:00+00:00","dateModified":"2026-06-04T09:50:52+00:00","mainEntityOfPage":{"@id":"https:\/\/www.engineernewsnetwork.com\/blog\/cyber-attacks-via-supply-chain-entirely-avoidable-says-cybersecurity-expert\/"},"wordCount":901,"keywords":["cybersecurity","Cybit","Supply Chain"],"articleSection":["News, Views and Opinion"],"inLanguage":"en-GB"},{"@type":"WebPage","@id":"https:\/\/www.engineernewsnetwork.com\/blog\/cyber-attacks-via-supply-chain-entirely-avoidable-says-cybersecurity-expert\/","url":"https:\/\/www.engineernewsnetwork.com\/blog\/cyber-attacks-via-supply-chain-entirely-avoidable-says-cybersecurity-expert\/","name":"Cyber-attacks via supply chain\u00a0entirely avoidable, says\u00a0cybersecurity\u00a0expert - Engineer News Network","isPartOf":{"@id":"https:\/\/www.engineernewsnetwork.com\/blog\/#website"},"datePublished":"2026-06-04T08:30:00+00:00","dateModified":"2026-06-04T09:50:52+00:00","author":{"@id":"https:\/\/www.engineernewsnetwork.com\/blog\/#\/schema\/person\/4477342aea8e299c6a21761e513ea8e1"},"breadcrumb":{"@id":"https:\/\/www.engineernewsnetwork.com\/blog\/cyber-attacks-via-supply-chain-entirely-avoidable-says-cybersecurity-expert\/#breadcrumb"},"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.engineernewsnetwork.com\/blog\/cyber-attacks-via-supply-chain-entirely-avoidable-says-cybersecurity-expert\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.engineernewsnetwork.com\/blog\/cyber-attacks-via-supply-chain-entirely-avoidable-says-cybersecurity-expert\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.engineernewsnetwork.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Cyber-attacks via supply chain\u00a0entirely avoidable, says\u00a0cybersecurity\u00a0expert"}]},{"@type":"WebSite","@id":"https:\/\/www.engineernewsnetwork.com\/blog\/#website","url":"https:\/\/www.engineernewsnetwork.com\/blog\/","name":"Engineer News Network","description":"The ultimate online news and information resource for today's engineer","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.engineernewsnetwork.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-GB"},{"@type":"Person","@id":"https:\/\/www.engineernewsnetwork.com\/blog\/#\/schema\/person\/4477342aea8e299c6a21761e513ea8e1","name":"admin","url":"https:\/\/www.engineernewsnetwork.com\/blog\/author\/admin\/"}]}},"_links":{"self":[{"href":"https:\/\/www.engineernewsnetwork.com\/blog\/wp-json\/wp\/v2\/posts\/32437","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.engineernewsnetwork.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.engineernewsnetwork.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.engineernewsnetwork.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.engineernewsnetwork.com\/blog\/wp-json\/wp\/v2\/comments?post=32437"}],"version-history":[{"count":1,"href":"https:\/\/www.engineernewsnetwork.com\/blog\/wp-json\/wp\/v2\/posts\/32437\/revisions"}],"predecessor-version":[{"id":32438,"href":"https:\/\/www.engineernewsnetwork.com\/blog\/wp-json\/wp\/v2\/posts\/32437\/revisions\/32438"}],"wp:attachment":[{"href":"https:\/\/www.engineernewsnetwork.com\/blog\/wp-json\/wp\/v2\/media?parent=32437"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.engineernewsnetwork.com\/blog\/wp-json\/wp\/v2\/categories?post=32437"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.engineernewsnetwork.com\/blog\/wp-json\/wp\/v2\/tags?post=32437"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}