IT Essentials: Welcome to the dark side (of supply chains)

Like globalisation, supply webs are both strength and weakness

Be in business for any length of time, and you'll soon have a sprawling web of suppliers and partners - and be part of your own customers' network, as well.

Interlinked supply chains are a great help in modern business, boosting resilience and expertise sharing. But they have a dark side, too.

Last year, food prices shot up in response to the war in Ukraine, partly due to rising gas and oil prices, but also because of Ukraine's position in the global food supply chain. The country is a hub, exporting double-digit percentages of the world's cereal crops, so when it was attacked, the entire world felt the effect.

Digital supply chains are no different. When a major supplier is attacked - like 3CX this week - the trickle-down effects can shake industries. That's especially true if the attackers pivot to use customers in the chain as new attack nodes.

Just like the physical world, it's often nation states that are behind the most successful supply chain attacks.

Russia's dominance of the cybercrime space has weakened in the past year (though it will probably rise again in the future), but there are always others out there willing to take advantage of a power vacuum.

While attribution is difficult, when it comes to state actors the job is slightly easier, because each one wants something different.

Russian attackers are the most versatile: they could target cash payouts, destruction, or a more nebulous goal like political division. China often targets corporate secrets, while Iran goes after military know-how, and North Korean attacks are normally about revenue generation - but there's significant overlap between all of them.

Like globalisation, interlinked supply chains have many benefits but also many risks. The impact of a successful attack can cause ripples far beyond the original target.

As much as I'd like to end on a positive note, there's no silver bullet for supply chain attacks. Perhaps ironically, the most effective defence comes from ancient China: Sun Tzu's famous proverb, "Know thy enemy."

Weekend reading

Over the long Easter weekend, read Penny Horwood's excellent analysis of how tech redundancies are making the sector less diverse; John Leonard's write-up of the Azure/AWS cloud monopoly in the UK; or Kyle Alspach's look at the cryptocurrency firms hit in the 3CX attack.

We've also launched a new page with IT recruiter Harvey Nash, looking at the best tech jobs for new starters and career switchers. We'd love your feedback on what you want to see there, and what information would help you when entering the world of tech.