Gregg Ogden, Supply Chain Security SME at Immersive Labs, explains how firms can improve resilience and fortify their defences against future threats
Supply chain cyber attacks tend to result in significant resources being poured into recovery – particularly to mitigate their impact.
While important, this approach has one major limitation, according to Gregg Ogden, Supply Chain Security SME at Immersive Labs.
Here, Gregg tells Supply Chain Digital how businesses can improve resilience and fortify defences against future threats by focusing on ‘rebuild’ rather than ‘recovery’.
Hi Gregg, tell us a bit about yourself and your role
My role at Immersive Labs is serving as a subject matter expert for Supply Chain Security. My role involves crafting our go-to-market strategies and fine-tuning how we position and highlight the value of our products and services.
Before joining Immersive Labs, I was Head of Customer Support at an aerospace and defence subcontractor. That experience was where I really dug into supply chain challenges and security.
I also worked as a product marketer in the data backup and recovery sector, supporting clients affected by supply chain cyber incidents.
For those unfamiliar with Immersive Labs, what are the company’s main activities?
Immersive Labs is a cybersecurity company headquartered in the UK with offices in Boston, MA. It focuses on people-centric cyber resilience, essentially helping organisations build and prove cyber capabilities across the workforce to defend against threats.
Through our solutions, which include realistic cyber exercises and drills, organisations gain real-time insights into skills and coverage gaps. This lets them continuously measure and upskill their employees and suppliers to prevent and respond to attacks.
Our solutions are for both technical and non-technical teams – these can be cyber teams, developers, engineers, and C-Suite executives. Around 5,000 labs are completed every day.
Our technology has helped more than 400 enterprises and government departments worldwide, including the Ministry of Defence, the NHS, Citi, Pfizer, and HSBC.
Why do organisations need to focus on rebuilding after a supply chain attack, rather than merely recovering?
It’s easy for companies to fall into the trap of focusing solely on a quick recovery after a supply chain attack. Understandably, there’s a desperate urgency to avoid a costly, long-term breach that could harm their brand and partnerships.
However, if businesses only adopt a short-term mindset and skip the rebuilding phase, they risk leaving their fundamental cyber risks unaddressed. This can leave them dangerously vulnerable to similar attacks in the future.
Remember, cyber crime is not a one-off event; attackers often return if they see that security gaps haven’t been closed or vulnerabilities haven’t been fixed. For instance, after the initial exploitation of vulnerabilities in Progress Software’s MOVEit File Transfer software, the Cl0p ransomware group targeted victims a few months later who had not properly addressed these vulnerabilities.
While recovery is crucial to help manage the immediate fallout of a supply chain attack, it rarely addresses the root cause of the breach. Take the British Library, for instance—it has made significant strides in improving its cyber posture since its October 2023 attack. To truly enhance an organisation’s defences, it’s crucial to focus on rebuilding and improving cyber resilience so that the same mistakes are not repeated.
You highlight the British Library rebuild as an example of what organisations should do. Why?
In this instance, the British Library thoroughly reviewed their systems, identified the root cause of the breach, and, most importantly, committed to modernising and securing their infrastructure.
It went beyond just fixing the immediate vulnerability by implementing robust cybersecurity measures like multi-factor authentication (MFA), air-gapped backups and threat detection, and enhanced their incident response capabilities and disaster recovery protocols.
Rather than merely patching the vulnerability and moving on, the British Library opted for a comprehensive overhaul of their security systems. Their response to the cyber attack offers valuable lessons for organisations of all sizes:
- Beyond patching: Instead of simply addressing the immediate vulnerability, the Library adopted a proactive approach by strengthening its entire security infrastructure.
- Comprehensive overhaul: A holistic approach to cybersecurity is essential. By improving its overall cyber posture, the Library reduced its vulnerability to future attacks.
- Learn from incidents: Organisations should also recognise that cyber attacks can be seen as opportunities for growth and improvement. By analysing the incident and taking corrective measures, organisations can become more resilient.
- Invest in prevention: Proactive measures, such as regular security audits and employee training, can help prevent future breaches.
In essence, the British Library’s experience demonstrates the importance of a proactive and comprehensive approach to cybersecurity. Organisations can better protect themselves by investing in prevention, preparedness, and resilience.
What are the key steps involved in rebuilding after a supply chain attack?
Rebuilding after a supply chain attack can seem like a mammoth task, but it can be made significantly easier by breaking it into three key steps:
- Crisis post-mortem: Carrying out a thorough review after a crisis is essential for identifying gaps in security measures and response strategies. This analysis should detail how and where the attack occurred, assess the effectiveness of existing security measures, and evaluate the incident response. It’s crucial that this review is not seen as a blame game but as an opportunity for improvement.
- Implementing monitoring and exercising: Following the review, organisations should review existing tools and implement additional robust defences to identify vulnerabilities and prevent future attacks. This includes measures that provide IT teams with real-time visibility into supply chain activities and detect suspicious activity.
  Additionally, addressing the human element is essential. Regular, scenario-driven exercising and training should be conducted to cover the latest threats, handling of sensitive data, and adherence to security protocols. Such programmes upskill employees so they are prepared to respond to cyber threats effectively.
- Getting systems back in action: Reconnecting systems and resuming normal operations should be a gradual process that balances business needs while prioritising security. During this phase, it is essential to verify the integrity of restored systems and data and conduct audits to ensure that all vulnerabilities have been fully addressed.
What tips do you have for organisations looking to build cyber resilience within their supply chains?
As previously mentioned, improving cyber resilience involves not just strengthening security measures but also cultivating a culture of cybersecurity awareness among employees.
Basic cyber hygiene measures are essential for protecting your organisation’s security. This includes enforcing multi-factor authentication (MFA) across the entire network, updating and patching software promptly, and conducting regular security audits and penetration testing.
To ensure that your suppliers are also maintaining high security standards, it’s crucial to establish clear guidelines and expectations. The lead supplier or OEM should set the network parameters and guidelines for their suppliers to follow, and then verify compliance through regular assessments and audits. This collaborative approach helps to strengthen the overall security posture of the entire supply chain.
Beyond these basics, organisations should adopt advanced security controls such as threat monitoring and network segmentation. These measures help IT teams to quickly detect malicious activity, prevent attacks from spreading across the supply chain, and address issues promptly.
Training should move beyond traditional presentation or paper-based methods. Instead, it should include simulated exercises that replicate real-world cyber attack scenarios. This approach not only keeps employees engaged but also helps them develop the skills needed to respond effectively under pressure.
Moreover, employees need to be trained on response protocols. Clear guidelines on communication channels, procedures, and recovery plans are essential for a coordinated and effective response during an attack.
Ultimately, improving cyber resilience is crucial when rebuilding after a supply chain attack. By implementing these practices, businesses can bolster their cyber posture and better withstand future threats.