Cybercriminals are moving to target the Internet of Things (IoT) and industrial systems and exploit critical vulnerabilities, which calls for cooperation between all parties in the supply chain to protect the weakest links from attacks, say cybersecurity experts.
According to a report by the European Union Agency for Cybersecurity, attacks on the supply chain increased in 2021.
Enterprises also found data breach incidents involving shared data with suppliers to be the costliest breaches in 2021, reaching US$1.4 million.
Cybersecurity company Kaspersky indicated the world has seen some high-profile incidents where cybercriminals took advantage of weaknesses among ICT vendors, and used them as launch pads to target many others in one fell swoop.
"In the last two years there has been a new wave of attacks that exploited critical vulnerabilities in the ICT supply chain," said Eugene Kaspersky, chief executive of Kaspersky, during the company's fourth APAC Online Policy Forum gathering distinguished industry and policy expects.
"As threat actors evolve their techniques and tactics, we should expect supply chain attacks to be a growing trend in 2022 and beyond."
Cybercriminals are expanding their reach to target IoT and industrial systems, he said.
"In the future, cybersecurity will be more important as we need not only to protect consumers and enterprises but also the industrial sector in critical infrastructure as well," said Mr Kaspersky.
Dato Dr Haji Amirudin Abdul Wahab, chief executive of CyberSecurity Malaysia, the agency monitoring e-sovereignty of Malaysia, pointed out the number of attacks on those working in the supply chain has increased, with the system more vulnerable and at risk than ever before.
"A supply chain attack is difficult to handle due to its malware design which stays hidden among the infected system and users' devices," he said. "Especially in today's environment, nations are slowly recovering from the pandemic and starting to move towards digital transformations."
He suggested that the level of cybersecurity protection or state readiness has an impact on the confidence of investors in a country.
Pratama Persadha, chairman of Indonesia's Communication and Information System Security Research Centre, stressed both government and non-government stakeholders can minimise cyber threats by improving their cybersecurity capabilities, which will improve ICT supply chain resilience.
"However, this will be constrained if all relevant parties do not improve the cybersecurity of their systems. The main obstacle is the lack of understanding surrounding the importance of cybersecurity to increase ICT supply chain resilience," said Mr Persadha.
All stakeholders must consider significant investment to increase the overall standard of cybersecurity to improve the resilience of the ICT supply chain, he said.
Mr Persadha said Indonesia still lacks a personal data protection law, which has resulted in high-profile data leak cases. Such a regulation will drive organisations to uplift their security systems, he added.
Shri Rajeev Chandrasekhar, Minister of State in the Ministry of Electronics and Information Technology and Ministry of Skill Development and Entrepreneurship, India, said the government has made safe and trusted internet space a top priority.
"The core part of the strategy is cross-border collaboration with all stakeholders to ensure protection and resilience of the tech space and ICT supply chain," he said.
Mr Kaspersky said to guard against cyberthreats, short-term solutions include improving procedures and regulations of the ICT supply chain infrastructure.
"The long-term solution is to make systems immune. This means the system being designed in such a way that even if an ICT supply chain component is vulnerable, it cannot affect the rest of the system," he added.