This article has originally been written in french and then translated with tools. The translation should be on point, but please forgive us if some parts are not perfect.
This article was written as part of our collaboration with STIQ as a member. We want to help manufacturing companies understand the cybersecurity issues specific to their sector of activity, and therefore protect themselves.
The popular imagination often describes certain organized crime groups of hackers as prodigies who stop at nothing. We see them successfully compromising the systems of the US government or multinationals that have invested millions of dollars in cybersecurity.
With this in mind, the easy shortcut is to tell ourselves that there’s nothing to be done, that if even organizations of this scale are affected, the battle is lost in advance.
Hackers, no matter how skilled, will always try to find the shortest route to their target. Okay, a challenge is stimulating, but why complicate your life?
Let’s take an example to illustrate: a group of criminals wants to attack a giant like a multinational corporation, because they know they’ll be able to demand a higher ransom or that the data will be worth more. This company has invested heavily in securing its systems, so it won’t be child’s play. But this company doesn’t live in an isolated world, it has suppliers, many of them SMEs, who don’t have much in the way of cybersecurity in place. And these suppliers have some access to the systems of the target multinational. Can you see where we’re going?
Here are a few real-life examples:
You’ll notice that it’s not the compromised supplier who is named in the headlines of these articles, it’s the large organization behind them. The “responsible” supplier will be named in the article, but it won’t be the main media target. The reputational damage will be worse for the customer who simply made the mistake of trusting his suppliers.
That’s why. They just want to protect themselves as much as possible from this attack vector. To win points with your customers, or even just to be able to do business with them, you have no choice but to invest in cybersecurity.
In addition to the business development aspect, remember too that if a criminal group is targeting you to hit a big player, they’re unlikely to be content with just using you as an entry point. They’re likely to steal sensitive data and/or deploy ransomware in your company.
Certainly more than the budget required to provide an adequate level of protection. We hate to play on the fear factor in our field, but it’s our responsibility to make companies aware of the real issues.
Don’t be your customers’ weak link, bring cybersecurity back to the strategic level of your business and take action.
Peace ✌️
Cyndie & Nicholas