Beginner’s Guide to Supply Chain Attacks in Cyber Security

You could be doing almost everything right in cyber security and still get hacked. Not because your systems are weak or you made a mistake.

But because hackers gained access to the third-party tools you use!

It’s annoying because you can’t just stop using these tools. In fact, most of them help you run your business. However, there are things you can do to reduce the impact when it happens.

In this guide, I’ll break down what supply chain attacks are, how they work, and what you can do to protect yourself and your team.

Sidenote: If you want to learn how to defend against these and other issues, then check out my complete Cyber Security Bootcamp!

Updated for 2025, you’ll learn the exact techniques and tools you need to know to help yourself and even other companies protect and defend digital assets from these black hat hackers.

With that out of the way, let’s get into this 5-minute guide.

What are supply chain attacks?

The easiest way to rob a house is to go through an open door, and supply chain attacks use that same principle. Rather than trying to hack you and your secure systems, they hack third-party tools instead.

Think email platforms, dashboards, etc.

Basically, the tools you use that are already in your network, so they can get inside without you even knowing about it.

For example:

A few years ago, hackers managed to insert malicious code into a legitimate software update from a company called SolarWinds on their Orion platform.

This hack meant that when customers installed a verified update, attackers gained backdoor access to their systems.

Now, for most of us, this company doesn’t mean anything. However, this tool is used by everyone from small teams to major corporations and even government agencies around the world.

This meant they managed to get access to literally thousands of companies at once.

And the thing is, supply chain hacking isn’t limited to just software. It can also be introduced through hardware components, firmware updates, and even development tools.

Scary stuff!

So how do we protect ourselves from this?

How to protect, detect, and prepare for supply chain attacks in your systems

The reality is, you can’t fully prevent a supply chain attack because it’s out of your hands. Like we saw with the SolarWinds hack, if a vendor gets compromised, then even ‘trusted’ files can be infected.

However, you can build better practices and systems to limit the impact and recover faster when it happens.

So let’s work through the common steps now.

Step #1. Map your dependencies

One of the best ways to defend your system is to be aware of what’s in that system. That way, if anything happens, you’ll know if it affects you, and you can sort it ASAP.

So start by creating a full inventory of what’s running in your environment.

This includes:

  • Installed applications (both local and cloud-based)

  • Browser extensions and plugins

  • APIs or integrations that connect systems together

  • Dependencies within your codebase, like NPM packages, Python libraries, or Docker images

The good news is that this doesn’t have to be complicated. You can just throw it all into a spreadsheet, then list each tool, what it does, who owns or manages it, and whether it has access to sensitive data.

Also, there are tools that can help you with this.

If you’re working with code, then you can use OWASP Dependency-Check or npm audit to automatically identify what libraries you’re using.

These will scan for any known vulnerabilities while also identifying your libraries, so it’s a win-win situation that helps you get organized and secure, and check for issues in the future.

You can also use configuration management databases (CMDBs) or asset discovery tools like Lansweeper to map dependencies across systems for you.

Once you have all these tracked, try to create a habit of reviewing your dependency list quarterly, if possible. This way, you can prune what’s not needed or being used, so you’re not leaving unsecured backdoors.
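To make the codebase part of that inventory concrete, here is an added example (not code from this guide or from npm) that turns an npm `package-lock.json` into inventory rows and checks them against a vendor advisory. The lockfile contents, package names, versions and the advisory are all constructed for illustration.

```python
import json

# Constructed sample: a trimmed npm package-lock.json (lockfileVersion 3).
# Package names, versions and integrity values are made up for illustration.
SAMPLE_LOCK = json.dumps({
    "name": "demo-app", "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app", "dependencies": {"web-lib": "^2.1.0"},
             "devDependencies": {"test-kit": "^1.0.0"}},
        "node_modules/web-lib": {"version": "2.1.4", "integrity": "sha512-AAAA"},
        "node_modules/test-kit": {"version": "1.0.2", "integrity": "sha512-BBBB"},
        "node_modules/web-lib/node_modules/tiny-util": {"version": "0.3.1"},
        "node_modules/@scope/logger": {"version": "4.0.0", "integrity": "sha512-CCCC"},
    },
})

def build_inventory(lock_text):
    """Return one row per installed package: name, version, direct?, integrity?"""
    packages = json.loads(lock_text).get("packages", {})
    root = packages.get("", {})
    direct = set(root.get("dependencies", {})) | set(root.get("devDependencies", {}))
    rows = []
    for path, meta in packages.items():
        if not path:  # the "" entry is the project itself, not a dependency
            continue
        # Nested installs look like node_modules/a/node_modules/b; keep the last name.
        name = path.split("node_modules/")[-1]
        rows.append({
            "name": name,
            "version": meta.get("version", "unknown"),
            # Direct means you chose it; everything else came along with something else.
            "direct": name in direct and path == "node_modules/" + name,
            "has_integrity": "integrity" in meta,
            "path": path,
        })
    return sorted(rows, key=lambda r: (r["name"], r["version"]))

def affected_by(inventory, advisory):
    """advisory maps a package name to the set of versions a vendor reported as bad."""
    return [r for r in inventory if r["version"] in advisory.get(r["name"], set())]

if __name__ == "__main__":
    inventory = build_inventory(SAMPLE_LOCK)
    for row in inventory:
        print(row)
    # Constructed advisory: pretend tiny-util 0.3.1 was reported as compromised.
    print(affected_by(inventory, {"tiny-util": {"0.3.1"}}))
```

The transitive package `tiny-util` never appears in `package.json`, which is why the inventory has to come from the lockfile rather than from the list of tools you remember installing.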

Step #2. Use zero trust as standard

Once you’ve mapped what’s running inside your system, the next step is to tighten how these tools interact with everything else so you can reduce the impact.

We call this concept ‘zero trust’.

Basically, we’re going to assume that at some point, you will be hacked, so you can’t just trust that everything will be secure. However, by limiting users’ and software’s access to only what’s needed, it then limits what the hackers can interact with.

Better still, it also means that they can’t elevate their access or wander across your network, as your firewall, IAM policies, or container limits won’t let them, and they’re stuck within the permissions you’ve defined.

So start off by reviewing who and what has access to your systems, and assess if they have the right level of access.

For example:

  • A tool that only needs to read data shouldn’t have permission to write it

  • A reporting dashboard doesn’t need access to your production database

  • And if a contractor’s project is finished, close their account instead of keeping it around “just in case”

It’s easy to sort of run through installing tools and not think about the access you’re giving them, so going back and checking can help bring up any potential issues.

So here’s how to do this.

You’re going to need an identity and access management (IAM) system. You can use tools like Okta, JumpCloud, or others.

The setup with these tools will vary depending on which one you use. However, you should be able to do the following with each of them:

  • Start off by creating roles for each team or tool based on what they actually need, and assign permissions to those roles and not to individuals. That way, when someone changes teams or a vendor integration evolves, you can update their role instead of chasing down dozens of accounts

  • Next, go ahead and enforce least privilege by default. Most systems let you toggle read-only or limited modes for connected tools. If an app only needs to fetch data, keep it read-only. If it ever needs admin access for a specific task, make that access time-limited so it expires automatically

  • Then, isolate and segment your environments. Keep your production systems, admin consoles, and test setups separated so that even if one is compromised, the others stay protected

  • And finally, log everything. Every login, every new connection, every permission change. You don’t need to review them every day, but if something seems off later, these logs can then help you narrow down the issue
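The access review described in this step can be run as a script over an export of your grants. This is an added example, not part of the original guide and not the API of Okta, JumpCloud or any other IAM product: the record fields, principals and dates are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone

NOW = datetime(2025, 6, 1, tzinfo=timezone.utc)  # fixed "today" so the run is repeatable
LEVEL = {"read": 1, "write": 2, "admin": 3}

def grant(principal, resource, granted, needs, via_role=True, expires=None, active_until=None):
    """One row of a constructed grants export (hypothetical schema)."""
    return dict(principal=principal, resource=resource, granted=granted, needs=needs,
                via_role=via_role, expires=expires, active_until=active_until)

# Constructed sample data mirroring the cases listed above.
GRANTS = [
    grant("reporting-dashboard", "prod-db", granted="write", needs="read"),
    grant("backup-agent", "file-store", granted="admin", needs="admin",
          expires=NOW + timedelta(hours=4)),
    grant("deploy-bot", "ci", granted="admin", needs="admin"),
    grant("j.contractor", "wiki", granted="read", needs="read", via_role=False,
          active_until=NOW - timedelta(days=30)),
]

def review(grants, now=NOW):
    """Return (principal, resource, finding) tuples for grants that need attention."""
    findings = []
    for g in grants:
        who = (g["principal"], g["resource"])
        # More access than the job requires, e.g. write where read is enough.
        if LEVEL[g["granted"]] > LEVEL[g["needs"]]:
            findings.append(who + ("over-privileged",))
        # Admin access should expire on its own.
        if g["granted"] == "admin" and g["expires"] is None:
            findings.append(who + ("admin-without-expiry",))
        # Permissions belong on roles, not on individual accounts.
        if not g["via_role"]:
            findings.append(who + ("assigned-to-individual",))
        # The project or contract ended but the account is still there.
        if g["active_until"] is not None and g["active_until"] < now:
            findings.append(who + ("engagement-ended",))
    return findings

if __name__ == "__main__":
    for finding in review(GRANTS):
        print(finding)
```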

Easy! 

These will reduce the impact of almost any hack. However, we can reduce it even further if we can catch it early with the next step…

Step #3. Monitor for unusual behavior

Monitoring tools allow us to notice when something doesn’t look right and then act before it spreads further.

You can start off small using basic built-in tools like Windows Defender, or even better, use specialized SIEM (Security Information and Event Management) tools like CrowdStrike Falcon, or tools like Wazuh or Graylog, so you can monitor endpoints and flag suspicious activity.

These are great because they don’t just look for known malware. They also try to spot strange behavior, like an app trying to run code that it’s never used before or making connections to unknown servers.

Again, the setup will vary depending on the tools, but you’re going to want to:

  • Make sure logs are enabled and stored somewhere central so you can review them later.

  • Then, set up alerts for key changes such as new user accounts created, failed logins, system reboots, or configuration edits, as these are often the first signs of trouble

That being said, it’s worth starting off small and figuring out what ‘normal’ looks like in your environment. This way, you won’t set up alerts for the wrong things or be overly sensitive, or even miss anything.

I highly recommend one of these if you don’t have one in place yet. This is because most major breaches (not just supply chain attacks) go undetected for weeks or months simply because no one’s watching for the signs that they’re hacked or infected. Even small, simple monitoring setups can cut that time dramatically.
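Here is what those alert rules look like as logic, as an added example that is not from the original guide or from any SIEM product. The JSON-lines log format, event names and accounts are constructed, and the failed-login threshold is the knob you would tune once you know what normal looks like.

```python
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (JSON lines); the schema is an assumption for this example.
SAMPLE_LOG = """\
{"ts": "2025-03-02T09:14:05", "event": "login_failed", "user": "alice", "host": "vpn"}
{"ts": "2025-03-02T09:14:40", "event": "login_ok", "user": "alice", "host": "vpn"}
{"ts": "2025-03-03T03:01:10", "event": "login_failed", "user": "svc-sync", "host": "api"}
{"ts": "2025-03-03T03:01:25", "event": "login_failed", "user": "svc-sync", "host": "api"}
{"ts": "2025-03-03T03:01:50", "event": "login_failed", "user": "svc-sync", "host": "api"}
{"ts": "2025-03-03T03:04:00", "event": "user_created", "user": "helpdesk2", "host": "dc1"}
{"ts": "2025-03-03T03:06:30", "event": "config_changed", "user": "svc-sync", "host": "fw1"}
"""

# Key changes that are rare enough to alert on every time.
ALWAYS_ALERT = {"user_created", "config_changed", "system_reboot"}

def scan(log_text, max_failures=3, window=timedelta(minutes=5)):
    """Return (timestamp, rule, user) alerts in log order."""
    alerts = []
    recent = defaultdict(deque)  # user -> timestamps of recent failed logins
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        ts = datetime.fromisoformat(ev["ts"])
        if ev["event"] in ALWAYS_ALERT:
            alerts.append((ev["ts"], ev["event"], ev["user"]))
        elif ev["event"] == "login_failed":
            fails = recent[ev["user"]]
            fails.append(ts)
            while ts - fails[0] > window:  # forget failures older than the window
                fails.popleft()
            # One mistyped password is normal; a burst inside the window is not.
            if len(fails) == max_failures:
                alerts.append((ev["ts"], "failed_login_burst", ev["user"]))
    return alerts

if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(alert)
```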

Of course, once you’ve found an issue, you then need to do something about it…

Step #4. How to respond when the hack is found

There are a few basic steps you can follow to deal with a potential hack.

Confirm the issue is real

So you’ve had an alert or noticed some odd behavior. However, before raising the alarm or freaking out, take a minute to confirm whether it’s legitimate or if it’s a false alarm.

For example:

  • If someone finally logged into an account they haven’t used in a while, reach out to them and see what they were doing

  • But if it’s happening at 3 am and they are sending data back and forth, then that’s a huge red flag. It could be that someone has remote access to their account.

Contain the damage

If you suspect an attack, isolate affected systems immediately. That could mean disconnecting a compromised workstation from the network, disabling an account, or temporarily suspending integrations.

The goal is to stop the spread without taking down the entire business.

Find out how it happened

Once things are contained, figure out how the attacker got in.

We need to figure this out before we can remove the issue and fix it. So go through your logs and SIEM to see where the issue came in.

Important: You may have received an alert and a hotfix from a tool already.

Don’t assume you’re safe, though. It could be that they escalated and gained further access elsewhere, so you need to check everything. Don’t skip checking those logs and figuring out the impact!

Eradicate, recover, and restore

Once you’ve found the issue, go ahead and fix it. Then, use backups to restore clean versions of systems.

I can’t emphasize enough that it needs to be clean. If your backups are connected to the compromised network, then they could also be affected, so offline or off-site copies are safest.

Learn and report

Even if you’re a 1-person team, it’s worth keeping track of issues and making an incident report for yourself after you’ve fixed it.

It might seem like overkill, but these can be incredibly helpful for yourself and future team members.

So go ahead and make a note of:

  • What happened?

  • What was the root cause?

  • What was the solution?

  • Did anything cause delays?

  • How can you improve on this next time?

  • How can you prevent this from happening again (or reduce the chances)?

Start monitoring today!

You can’t control whether a vendor gets hacked, but you can control how ready you are when it happens:

  • Review the tools your company already uses

  • Check what data they have access to

  • Tighten permissions by role

  • Remove what’s unnecessary, and document what’s left

Then build habits:

  • Test updates before rolling them out

  • Set up monitoring for your systems

  • And keep a clear response plan ready for when something slips through

The work you do now could be the reason a future breach stops at one system instead of spreading across your entire network.

P.S.

Just a heads up, but if you decide to join Zero To Mastery as a member, you get access to ALL of my Cyber Security courses and more.

Every tech course on the platform is available in a single membership, in addition to access to our private Discord server.

Here you can chat to me, other students, and working cyber security professionals, and get help with any questions you might have 24/7.

It’s the best investment you can make to improve your Cyber Security in 2025.
