Unlike New Year’s resolutions, which are often based around the start of the year (just look at the queues at the gym!), malicious cyber actors don’t suddenly change their tactics, techniques, or procedures on January 1st. However, it is useful to understand the current direction of the threat landscape. Doing so can help anticipate how cyber threats may evolve over the coming year.
In this article published by SupplyChain Strategy, Risk Ledger's Chief Cyber Security Strategist, Justin Kuruvilla, delves into the following topics, which he believes are important to keep a close eye on as 2025 progresses.
- AI to map out supply chain targets
Artificial Intelligence (AI) has become a double-edged sword in supply chain security. While it offers tools for efficiency, malicious actors are leveraging AI to conduct sophisticated reconnaissance. By analysing extensive datasets, they can map supply chains, identify vulnerabilities, and craft targeted social engineering attacks. This AI-driven approach lowers the barrier for cybercriminals, enabling even less skilled individuals to execute complex attacks, thereby increasing the overall threat landscape.
- Increasing Regulatory Focus Down the Supply Chain
The introduction of regulations such as NIS2 and DORA signifies a heightened regulatory focus on supply chain security. Organisations are now compelled to gain comprehensive visibility into their supply chains, extending beyond immediate third-party suppliers to include fourth, fifth, and nth parties. This necessitates robust mechanisms to assess and mitigate risks throughout the entire supply chain network. Non-compliance not only attracts financial and reputational repercussions but also impacts business relationships, as clients and investors increasingly prioritise security maturity in their partnerships and investments.- Nation states will continue to leverage cyber operations
Nation-states are intensifying their cyber operations, targeting critical infrastructure sectors such as telecommunications, finance, and government entities. These attacks aim to disrupt essential systems, serving broader geopolitical objectives. The increasing frequency and sophistication of such operations underscore the necessity for organisations to bolster their defences and remain vigilant against state-sponsored threats.- Ransomware continues to remain a major threat
Ransomware continues to pose a significant threat to supply chain security. Attackers are evolving their tactics, employing AI to enhance the effectiveness of their campaigns. The potential for systemic disruptions across sectors amplifies the urgency for organisations to implement robust security measures, conduct regular vulnerability assessments, and develop comprehensive incident response plans to mitigate the impact of ransomware attacks. - Increased client/supplier collaboration, but more scrutiny
The complex and interconnected nature of modern supply chains necessitates increased collaboration between clients and suppliers. However, this collaboration brings heightened scrutiny, as organisations must ensure that their partners adhere to stringent security standards. This involves conducting thorough due diligence, continuous monitoring, and fostering transparent communication to build trust and resilience throughout the supply chain. Such collaborative efforts are essential in identifying and mitigating risks that could compromise the entire supply chain ecosystem. - Quantum Computing
Although widespread adoption of quantum computing remains on the horizon, its potential to break current encryption standards presents a looming threat. Organisations must proactively assess the resilience of their encryption methods, both within their operations and those of their vendors, to future-proof against quantum attacks. This includes adopting quantum-resistant cryptographic algorithms and staying abreast of advancements in quantum computing to safeguard sensitive data and communications.
You can read the full article at SupplyChain Strategy.
