{"id":2681,"date":"2026-02-24T10:00:42","date_gmt":"2026-02-24T10:00:42","guid":{"rendered":"https:\/\/amtivo.com\/uk\/standards\/uncategorized\/untagged\/how-supply-chains-became-the-next-big-cyber-risk\/"},"modified":"2026-02-24T11:24:14","modified_gmt":"2026-02-24T11:24:14","slug":"how-supply-chains-became-the-next-big-cyber-risk","status":"publish","type":"standard-post-filter","link":"https:\/\/amtivo.com\/uk\/standards\/cyber-essentials\/insights\/how-supply-chains-became-the-next-big-cyber-risk\/","title":{"rendered":"How Supply Chains Became the Next Big Cyber Risk"},"content":{"rendered":"<p><strong>In recent years, the cyber security landscape has\u00a0shifted significantly. Trust has\u00a0diminished\u00a0and\u00a0can\u00a0no longer be taken for granted. Organisations\u00a0once focused primarily on preventing\u00a0external threats, but as systems have become more complex, even insiders are no longer fully trusted.<\/strong><\/p>\r\n<p>The rise of insecure supply chains has added to the problem, driving growing interest in a zero-trust approach &#8211; a security model that never assumes trust by default and requires continuous authentication with least-privilege access. 
Today, businesses must protect themselves from external hackers, insider threats, and vulnerabilities in their supply chains, which often prove the hardest to secure.<\/p>\r\n<p>&nbsp;<\/p>\r\n<h2>Key Takeaways for Businesses<\/h2>\r\n<ul>\r\n\t<li><b><span data-contrast=\"auto\">Supply chain cyber risk affects everyone<\/span><\/b><span><br \/>\r\n<\/span><span data-contrast=\"auto\">A security breach at a supplier\u00a0could\u00a0directly\u00a0impact\u00a0your data, operations, and reputation.<\/span><\/li>\r\n\t<li><b><span data-contrast=\"auto\">Supplier trust needs controls, not assumptions<\/span><\/b><span><br \/>\r\n<\/span><span data-contrast=\"auto\">Even well-known organisations have\u00a0historically\u00a0been compromised through third parties.<\/span><\/li>\r\n\t<li><b><span data-contrast=\"auto\">Manufacturing supply chains carry added risk<\/span><\/b><span><br \/>\r\n<\/span><span data-contrast=\"auto\">Remote access, legacy systems, and physical components can all introduce vulnerabilities.<\/span><\/li>\r\n\t<li><b><span data-contrast=\"auto\">Software supply chains are a prime attack target<\/span><\/b><span><br \/>\r\n<\/span><span data-contrast=\"auto\">Widely used platforms and updates can expose thousands of organisations at once.<\/span><\/li>\r\n\t<li><b><span data-contrast=\"auto\">Due diligence has limits<\/span><\/b><span><br \/>\r\n<\/span><span data-contrast=\"auto\">You\u00a0can\u2019t\u00a0see every supplier risk, so systems should be designed to limit the impact of failure.<\/span><\/li>\r\n\t<li><b><span data-contrast=\"auto\">Your own security still matters most<\/span><\/b><span><br \/>\r\n<\/span><span data-contrast=\"auto\">Strong internal controls reduce the damage when external risks\u00a0can\u2019t\u00a0be prevented.<\/span><\/li>\r\n\t<li><b><span data-contrast=\"auto\">Certifications support risk management, not guarantees<\/span><\/b><span><br \/>\r\n<\/span><span data-contrast=\"auto\">Cyber Essentials 
and ISO 27001 show baseline controls, but they don\u2019t eliminate risk.<\/span><\/li>\r\n<\/ul>\r\n<p>&nbsp;<\/p>\r\n<h2>Supply Chain Attacks Through Service Providers<\/h2>\r\n<p>Over time, cyber criminals have noticed how organisations have become increasingly reliant on third parties. This is partly by design \u2013 outsourcing non-core functions is seen as financially efficient \u2013 but also the result of the spread of WAN networking, which allows services to be delivered remotely.<\/p>\r\n<p>This reliance isn\u2019t optional in many sectors. A functioning supply chain is fundamental to business, especially in manufacturing, where complex operations depend on a web of specialist suppliers and service providers.<\/p>\r\n<p>A recent example is the <a href=\"https:\/\/www.bbc.co.uk\/news\/articles\/c0el31nqnpvo\" target=\"_blank\" rel=\"noopener\">supply chain attack involving Marks &amp; Spencer<\/a> in June 2024, where attackers compromised a third-party supplier, resulting in unauthorised access to sensitive employee data. This incident highlights how a breach at a service provider can directly impact even large, well-known organisations.<\/p>\r\n<p>The lesson? Just because you\u2019ve protected your own accounts doesn\u2019t mean your suppliers have done the same. This was a surprise to many businesses. 
Now, instead of simply trusting suppliers, organisations set clear checks and controls, limit what suppliers can do, and keep an eye on their activity.<\/p>\r\n<p>Read about <a href=\"https:\/\/amtivo.com\/uk\/standards\/cyber-essentials\/insights\/the-biggest-cyberattacks-by-year\/\">the biggest\u00a0cyber attacks, year by year<\/a>.<\/p>\r\n<p><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\r\n<h2>Supply Chain Risks in Manufacturing<\/h2>\r\n<p>Manufacturers rely on a wide range of suppliers and could even grant them remote access to both office networks and critical factory systems.<\/p>\r\n<p>Suppliers provide the continual delivery of parts, materials, and services that keep production running. However, these also introduce extra risks:<\/p>\r\n<ul>\r\n\t<li>Remote access by suppliers\u202ffor maintenance or support can be a weak point, especially if protected by shared or weak passwords.<\/li>\r\n\t<li>Physical components or materials\u202fsupplied to the business can introduce vulnerabilities \u2013 compromised hardware, counterfeit parts, or even software embedded in equipment could all put production at risk.<\/li>\r\n\t<li>Older or poorly segmented factory networks\u202fmake it easier for cyber attackers to move from a compromised supplier connection or device into other parts of the business.<\/li>\r\n<\/ul>\r\n<p>A disruption from a cyber attack, contaminated materials, or a supplier\u2019s operational failure could halt production. 
Any delays can be costly, while a major incident can stop manufacturing altogether.<\/p>\r\n<p>As manufacturers become more connected and reliant on their supply chains, it could be crucial to secure digital access points and carefully vet and monitor the integrity of goods and services received.<\/p>\r\n<p><span data-contrast=\"auto\">\u202f<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\r\n<h2>Why Software Supply Chains Are Prime Targets<\/h2>\r\n<p><span data-contrast=\"auto\">Today\u2019s software relies on many third-party components, making it difficult for organisations to track where vulnerabilities might be hidden. Criminals can exploit weaknesses in these dependencies \u2013\u202fsometimes by tampering with code on public platforms like GitHub. Even when issues are found, identifying and fixing them isn\u2019t always straightforward, especially if no patch is available.<\/span><\/p>\r\n<p><span data-contrast=\"auto\">Software supply chains are a prime target. For attackers, compromising widely used software or update channels opens new ways to reach thousands of organisations at once. This has driven a wave of large-scale supply chain attacks over recent years, including the following:<\/span><\/p>\r\n<ul>\r\n\t<li><span data-contrast=\"auto\">Malicious code was slipped into the<\/span><b><span data-contrast=\"auto\">\u00a0SolarWinds Orion\u00a0<\/span><\/b><span data-contrast=\"auto\">network monitoring tool used by thousands of companies around the world. Estimates of the number of companies affected range into the thousands, making this the most widespread single-incident compromise in history. 
Ironically, a possible contributor to the breach could have been the company&#8217;s <\/span><a href=\"https:\/\/www.nytimes.com\/2021\/02\/23\/opinion\/solarwinds-hack.html\" target=\"_blank\" rel=\"noopener\"><span data-contrast=\"none\">own overseas supply chain<\/span><\/a><span data-contrast=\"auto\">.<\/span><\/li>\r\n\t<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;multilevel&quot;}\" data-aria-posinset=\"2\" data-aria-level=\"1\"><b><span data-contrast=\"auto\">Okta<\/span><\/b><span data-contrast=\"auto\">, based in San Francisco, delivers cloud-based identity and access management services. Thousands of organisations worldwide rely on its Single Sign-On (SSO), multi-factor authentication (MFA), and API access management solutions. Repeated attacks on the organisation resulted in October 2021 in the compromise of support files relating to <\/span><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/okta-breach-134-customers-exposed-in-october-support-system-hack\/\" target=\"_blank\" rel=\"noopener\"><span data-contrast=\"none\">134 of its customers<\/span><\/a><span data-contrast=\"auto\">. 
This led to attacks targeting major infrastructure providers Cloudflare,\u00a0BeyondTrust, and 1Password.<\/span><\/li>\r\n\t<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;multilevel&quot;}\" data-aria-posinset=\"2\" data-aria-level=\"1\"><span data-contrast=\"auto\">The <\/span><a href=\"https:\/\/www.ncsc.gov.uk\/information\/moveit-vulnerability\" target=\"_blank\" rel=\"noopener\"><span data-contrast=\"none\">2023 attack on customers of the MOVEit file transfer<\/span><\/a> <span data-contrast=\"auto\">platform is believed to have compromised, to varying degrees, the data of up to several thousand organisations.<\/span><\/li>\r\n<\/ul>\r\n<p>A common feature of these incidents is that most of the providers involved were not well known, despite their software or services being widely used by businesses. That\u2019s how supply chains work; today\u2019s organisations depend on many suppliers like these and don\u2019t consider their security until something goes wrong.<\/p>\r\n<p>This highlights a core challenge of modern business. It\u2019s easy to say, \u201cDon\u2019t trust your suppliers,\u201d but doing so leads to a far more complex reality. In this world, nothing can be taken for granted and constant vigilance is essential.<\/p>\r\n<p><a href=\"https:\/\/amtivo.com\/uk\/standards\/cyber-essentials\/insights\/top-8-cybersecurity-risks-for-your-business\/\">Read more about the top cyber security risks for businesses.<\/a><\/p>\r\n<p>&nbsp;<\/p>\r\n<h2>Cyber Security Certification for Supply Chain Risk Management<\/h2>\r\n<p>Supply chain cyber attacks continue to evolve and are a growing concern for UK organisations of all sizes. 
Certification to recognised schemes such as <a href=\"https:\/\/amtivo.com\/uk\/standards\/cyber-essentials\/certification\/\">Cyber Essentials<\/a>,\u00a0<a href=\"https:\/\/amtivo.com\/uk\/standards\/cyber-essentials\/certification\/\">Cyber Essentials Plus<\/a>, or\u00a0<a href=\"https:\/\/amtivo.com\/uk\/standards\/iso-27001\/certification\/\">ISO 27001<\/a> can help organisations demonstrate that appropriate cyber security controls are in place to manage common risks, including those introduced through third-party suppliers.<\/p>\r\n<p><a href=\"https:\/\/amtivo.com\/uk\/certification-quote\/\">Request a\u00a0quote\u00a0today<\/a> or <a href=\"https:\/\/amtivo.com\/uk\/contact-us\/\">contact our team<\/a> to find out more about the certification process.<\/p>","protected":false},"excerpt":{"rendered":"Learn how supply chains became key cyber targets, revealing risks and driving stronger defences.","protected":false},"author":24,"featured_media":2146,"template":"","meta":{"_acf_changed":false,"_searchwp_excluded":"","footnotes":""},"standard-post-categories":[31],"standard-post-tags":[32],"class_list":["post-2681","standard-post-filter","type-standard-post-filter","status-publish","has-post-thumbnail","hentry","standard-post-categories-insights","standard-post-tags-cyber-essentials"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.2 (Yoast SEO v27.2) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>How Supply Chains Became the Next Big Cyber Security Risk<\/title>\n<meta name=\"description\" content=\"Supply chain attacks are rising. 
Discover how service and software providers have become key cyber risks \u2013 and what businesses can do to respond.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/amtivo.com\/uk\/standards\/cyber-essentials\/insights\/how-supply-chains-became-the-next-big-cyber-risk\/\" \/>\n<meta property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"How Supply Chains Became the Next Big Cyber Risk\" \/>\n<meta property=\"og:description\" content=\"Supply chain attacks are rising. Discover how service and software providers have become key cyber risks \u2013 and what businesses can do to respond.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/amtivo.com\/uk\/standards\/cyber-essentials\/insights\/how-supply-chains-became-the-next-big-cyber-risk\/\" \/>\n<meta property=\"og:site_name\" content=\"Amtivo UK\" \/>\n<meta property=\"article:modified_time\" content=\"2026-02-24T11:24:14+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/amtivo.com\/uk\/wp-content\/uploads\/sites\/20\/2025\/04\/How-supply-chains-became-the-next-big-cyber-risk-.png\" \/>\n\t<meta property=\"og:image:width\" content=\"600\" \/>\n\t<meta property=\"og:image:height\" content=\"400\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/amtivo.com\/uk\/wp-content\/uploads\/sites\/20\/2025\/04\/testimonialImage-placeholder.jpg\" \/>\n<meta name=\"twitter:label1\" content=\"Estimated reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"7 minutes\" \/>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"How Supply Chains Became the Next Big Cyber Security Risk","description":"Supply chain attacks are rising. 
Discover how service and software providers have become key cyber risks \u2013 and what businesses can do to respond.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/amtivo.com\/uk\/standards\/cyber-essentials\/insights\/how-supply-chains-became-the-next-big-cyber-risk\/","og_locale":"en_GB","og_type":"article","og_title":"How Supply Chains Became the Next Big Cyber Risk","og_description":"Supply chain attacks are rising. Discover how service and software providers have become key cyber risks \u2013 and what businesses can do to respond.","og_url":"https:\/\/amtivo.com\/uk\/standards\/cyber-essentials\/insights\/how-supply-chains-became-the-next-big-cyber-risk\/","og_site_name":"Amtivo UK","article_modified_time":"2026-02-24T11:24:14+00:00","og_image":[{"width":600,"height":400,"url":"https:\/\/amtivo.com\/uk\/wp-content\/uploads\/sites\/20\/2025\/04\/How-supply-chains-became-the-next-big-cyber-risk-.png","type":"image\/png"}],"twitter_card":"summary_large_image","twitter_image":"https:\/\/amtivo.com\/uk\/wp-content\/uploads\/sites\/20\/2025\/04\/testimonialImage-placeholder.jpg","twitter_misc":{"Estimated reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/amtivo.com\/uk\/standards\/cyber-essentials\/insights\/how-supply-chains-became-the-next-big-cyber-risk\/","url":"https:\/\/amtivo.com\/uk\/standards\/cyber-essentials\/insights\/how-supply-chains-became-the-next-big-cyber-risk\/","name":"How Supply Chains Became the Next Big Cyber Security 
Risk","isPartOf":{"@id":"https:\/\/amtivo.com\/uk\/#website"},"primaryImageOfPage":{"@id":"https:\/\/amtivo.com\/uk\/standards\/cyber-essentials\/insights\/how-supply-chains-became-the-next-big-cyber-risk\/#primaryimage"},"image":{"@id":"https:\/\/amtivo.com\/uk\/standards\/cyber-essentials\/insights\/how-supply-chains-became-the-next-big-cyber-risk\/#primaryimage"},"thumbnailUrl":"https:\/\/amtivo.com\/uk\/wp-content\/uploads\/sites\/20\/2025\/04\/How-supply-chains-became-the-next-big-cyber-risk-.png","datePublished":"2026-02-24T10:00:42+00:00","dateModified":"2026-02-24T11:24:14+00:00","description":"Supply chain attacks are rising. Discover how service and software providers have become key cyber risks \u2013 and what businesses can do to respond.","breadcrumb":{"@id":"https:\/\/amtivo.com\/uk\/standards\/cyber-essentials\/insights\/how-supply-chains-became-the-next-big-cyber-risk\/#breadcrumb"},"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/amtivo.com\/uk\/standards\/cyber-essentials\/insights\/how-supply-chains-became-the-next-big-cyber-risk\/"]}]},{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/amtivo.com\/uk\/standards\/cyber-essentials\/insights\/how-supply-chains-became-the-next-big-cyber-risk\/#primaryimage","url":"https:\/\/amtivo.com\/uk\/wp-content\/uploads\/sites\/20\/2025\/04\/How-supply-chains-became-the-next-big-cyber-risk-.png","contentUrl":"https:\/\/amtivo.com\/uk\/wp-content\/uploads\/sites\/20\/2025\/04\/How-supply-chains-became-the-next-big-cyber-risk-.png","width":600,"height":400,"caption":"How supply chains became the next big 
cyber-risk"},{"@type":"BreadcrumbList","@id":"https:\/\/amtivo.com\/uk\/standards\/cyber-essentials\/insights\/how-supply-chains-became-the-next-big-cyber-risk\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/amtivo.com\/uk\/"},{"@type":"ListItem","position":2,"name":"Standards","item":"https:\/\/amtivo.com\/uk\/standards\/"},{"@type":"ListItem","position":3,"name":"Cyber Essentials","item":"https:\/\/amtivo.com\/uk\/standards\/cyber-essentials\/"},{"@type":"ListItem","position":4,"name":"Insights","item":"https:\/\/amtivo.com\/uk\/standards\/insights\/"},{"@type":"ListItem","position":5,"name":"How Supply Chains Became the Next Big Cyber Risk"}]},{"@type":"WebSite","@id":"https:\/\/amtivo.com\/uk\/#website","url":"https:\/\/amtivo.com\/uk\/","name":"Amtivo","description":"","publisher":{"@id":"https:\/\/amtivo.com\/uk\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/amtivo.com\/uk\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-GB"},{"@type":"Organization","@id":"https:\/\/amtivo.com\/uk\/#organization","name":"Amtivo","url":"https:\/\/amtivo.com\/uk\/","logo":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/amtivo.com\/uk\/#\/schema\/logo\/image\/","url":"https:\/\/amtivo.com\/uk\/wp-content\/uploads\/sites\/20\/2025\/10\/cropped-BAB-Amtivo-Joint-Logo-Updated-300ppi.png","contentUrl":"https:\/\/amtivo.com\/uk\/wp-content\/uploads\/sites\/20\/2025\/10\/cropped-BAB-Amtivo-Joint-Logo-Updated-300ppi.png","width":371,"height":203,"caption":"Amtivo"},"image":{"@id":"https:\/\/amtivo.com\/uk\/#\/schema\/logo\/image\/"}}]}},"_links":{"self":[{"href":"https:\/\/amtivo.com\/uk\/wp-json\/wp\/v2\/standard-post-filter\/2681","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/amtivo.com\/uk\/wp-json\/wp\/v2\/standard-post-filter"}],"
about":[{"href":"https:\/\/amtivo.com\/uk\/wp-json\/wp\/v2\/types\/standard-post-filter"}],"author":[{"embeddable":true,"href":"https:\/\/amtivo.com\/uk\/wp-json\/wp\/v2\/users\/24"}],"version-history":[{"count":20,"href":"https:\/\/amtivo.com\/uk\/wp-json\/wp\/v2\/standard-post-filter\/2681\/revisions"}],"predecessor-version":[{"id":11170,"href":"https:\/\/amtivo.com\/uk\/wp-json\/wp\/v2\/standard-post-filter\/2681\/revisions\/11170"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/amtivo.com\/uk\/wp-json\/wp\/v2\/media\/2146"}],"wp:attachment":[{"href":"https:\/\/amtivo.com\/uk\/wp-json\/wp\/v2\/media?parent=2681"}],"wp:term":[{"taxonomy":"standard-post-categories","embeddable":true,"href":"https:\/\/amtivo.com\/uk\/wp-json\/wp\/v2\/standard-post-categories?post=2681"},{"taxonomy":"standard-post-tags","embeddable":true,"href":"https:\/\/amtivo.com\/uk\/wp-json\/wp\/v2\/standard-post-tags?post=2681"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}