The Importance of Cybersecurity Within Supply Chains

Supply Chain Attacks are becoming more common in the wild, and basic steps can be taken to mitigate the risks and secure your business and its assets. Supply Chain Risks come in different forms: software produced for a consumer product may have been compromised, or the suppliers themselves may have experienced some form of Cyber Security Incident, resulting in data breaches or in system downtime and a reduction of available services for their customers.

Supply Chain Risks are not easily mitigated on your own, as the fault will more than likely lie further down the Supply Chain rather than being a risk you pose yourself. However, securing your accounts, devices, and business data strengthens your protection against an array of lateral attacks, such as Credential Stuffing.

In recent news, an API Vulnerability affecting at least 16 major car brands was discovered. The cybersecurity researcher Sam Curry found a surprising number of vulnerabilities surrounding Electric/Hybrid Vehicles and their respective Mobile Applications. He found that the manufacturers’ API endpoints all operated with extremely similar functionality, meaning that if a vulnerability was found within one API, there was a good chance the same vulnerability would be found in another.

Car companies with tested and working vulnerabilities include Ford, Ferrari, BMW, Honda, Mercedes-Benz, Land Rover and Porsche. Not all companies share the same vulnerabilities. For example, BMW experienced SSO vulnerabilities that gave an attacker access to internal dealer portals, where the attacker could obtain sales documents containing sensitive information.

Mercedes-Benz experienced a similar vulnerability with SSO, though the lateral movement an attacker could make was potentially much more damaging: the attacker could access GitHub instances for internal Mercedes-Benz operations and applications and cloud deployment services for managing cloud storage, with the potential for Remote Code Execution across their environment.

Another API vulnerability affecting some car companies resulted in full remote access to the vehicle, granting the attacker the ability to remote lock, start and stop the engine, honk the horn, flash the headlights, and obtain GPS data to precisely locate the vehicle.

The above is an example of a third-party software supplier failing to uphold a high level of application security testing, resulting in Supply Chain Security Incidents and giving a threat actor detrimental attack vectors to pursue. The National Cyber Security Centre (NCSC) in the UK released guidance on Supply Chain attacks around the same time malicious groups were targeting European companies’ third-party suppliers, particularly in the Energy Sector.

They recommended reviewing the Supply Chain process regularly, for the security of your customers’ data and the security of your own internal systems. There are several internal steps companies can take to reduce the knock-on effect of Supply Chain Security Incidents on the company’s environment.

As mentioned above, one of the security vulnerabilities was a poorly configured SSO environment, which allowed the threat actor to gain account-level access with the ability to view and edit sensitive information. This can be viewed as a basic oversight resulting in a detrimental outcome.

Companies can seek to become compliant and aligned with current Cyber Security recommendations and guidelines by pursuing the Cyber Essentials certification. Cyber Essentials provides a strong baseline for companies to begin to build and bolster their internal security practices, and to protect all company and customer data across corporate devices.

At Texaport, we understand the importance of these advancements, and we work with our clients to put a reliable system in place to improve their business efficiency. Our team has a wide range of IT knowledge and remains acquainted with the movements in the IT industry.

19/01/2023

IT Support, Case Study
