Cyber Security Services, 25th May 2025
Am I vulnerable to supply chain attacks?
What are Supply Chain Attacks?
Supply chain attacks are a major cyber threat facing organisations. These attacks can cause far-reaching and costly disruption, as they exploit vulnerabilities in a supplier's systems to gain access to a customer's network of contacts.
In recent years, there has been a significant increase in cyber attacks resulting from vulnerabilities within supply chains. This includes many high-profile incidents such as the SolarWinds attack or the 2023 3CX Desktop Software Attack, which were both caused by attacks that originated outside of their organisations.
What happened in the SolarWinds attack?
Over recent years, cyber attacks exploiting vulnerabilities within supply chains have escalated, causing widespread and costly disruptions. The high-profile SolarWinds attack serves as a stark reminder of the potential consequences.
The attack, which was discovered in late 2020, was a large-scale cyber espionage campaign that impacted numerous government agencies, businesses, and other organisations worldwide. Hackers infiltrated the IT infrastructure of organisations by compromising the software update mechanism of SolarWinds Orion, a widely used network management software. The compromised update served as a Trojan horse that gave the attackers backdoor access to networks, allowing them to steal sensitive data. The sophisticated nature of the attack and its extensive reach across various sectors raised serious concerns about global cybersecurity infrastructure and strategies.
What about the DrayTek firewall attack?
You can view our recent client advisory documentation in which we informed clients about the widespread failures experienced by DrayTek firewall users on March 22nd, 2025. The document touches on the loss of internet connectivity, devices stuck in reboot loops and corrupted firewall settings. The document also highlights ongoing security vulnerabilities (CVEs) affecting DrayTek firewalls and the next steps for our clients and affected customers.
What is the current guidance from the National Cyber Security Centre?
Astonishingly, only just over one in ten businesses (13%) review the risks posed by their immediate suppliers, and the figure drops to a mere 7% for the wider supply chain.
The National Cyber Security Centre (NCSC) has recently published new guidance to help organisations effectively assess and gain confidence in the cyber security of their supply chains.
The National Cyber Security Centre reiterated that it is crucial for organisations to collaborate with their suppliers and establish robust security measures to safeguard against cyber security threats. The NCSC's guidance is specifically designed to help organisations effectively evaluate the cyber risks associated with their suppliers and gain confidence in existing mitigation measures.
Ian McCormack, NCSC Deputy Director for Government Cyber Resilience, said:
"Supply chain attacks are a major cyber threat facing organisations and incidents can have a profound, long-lasting impact on businesses and customers."
"With incidents on the rise, it is vital organisations work with their suppliers to identify supply chain risks and ensure appropriate security measures are in place."
The guidance describes typical supplier relationships and potential weaknesses that might expose their supply chain to attacks. It also defines the expected outcomes and identifies key steps to help organisations assess their supply chain's security.
How can TwentyFour IT help keep businesses safe?
What We Can Do
We can help businesses such as manufacturers and logistics businesses, which are known targets, protect themselves from supply chain cyber attacks. We offer a range of services, including:
Regular Cyber Security Assessments:
We can assess your organisation's Cyber Security Posture and identify potential vulnerabilities.
Advanced Email Security:
Ensure that all of your communications with suppliers are monitored for malicious content or signs of account takeover.
Managed Endpoint Detection & Response:
Use machine learning to monitor for unusual, suspicious or malicious files or activity that traditional anti-virus would not be able to protect against.
Security Operations Centre:
Our dedicated team can help your business respond to a cyber attack, minimise the damage, and recover your operations as quickly as possible. It’s like having a 24-hour dedicated support team available to you.
Contact Us
To learn more about how TwentyFour IT can help you to protect your business from supply chain cyber attacks, contact us today.
We Are Here to Help
We understand that the threat of cyber attacks can be daunting. That's why we're here to help you protect your business from the ever-evolving threats that businesses face. We have the expertise and experience to help you assess your risks, implement best-in-class cyber security solutions, and respond quickly to a cyber attack if it occurs.
Contact us today to learn more about how we can help you to keep your business safe.