Supply Chain Security - is your back door open

Richard Harris

Your supply chain could be compromised and provide a camouflaged entry for cyber criminals to hunt and attack using vulnerable building systems which have or can gain access to your company/organisation valuable data/info - which can be misused, altered, sold to other criminals or used to disrupt operations and a lot more.

I hope you enjoy the read and please feel free to contribute your thoughts, views and past experiences. Please follow me so I can share more Workplace Facilities Management articles with you.




Richard Harris

Workplace Facilities Management Professional MSc FM CIWFM 

Cybercrime - close the back door to cyber criminals

Over indulgence in IoT Technology and the ever increasing desire to improve and innovate the workplace can leave security somewhat neglected and exposed.

Community, collaboration and human experience are the front runners in the modern workplace which is often enabled by an increasing ecosystem of IoT Tech.

Adopting IoT Tech at great pace within the workplace to enhance services, building performance and human experience can come at a hidden cost, if time is not taken to ensure oversight of your supply chain security governance.

Supply chain cyber attacks are real, dangerous and costly. Cyber criminals can gain entry by impregnating a 3rd party provider, supplier of IoT Tech products and services which could have access to your company data/info – which is the target of the cyber criminal.

Brand, image, credibility can be lost at a touch of a keyboard along with substantial financial loss, some companies, organisations may never recover from the aftermath of a cyber attack.

Supply Chain - Security Threats

Ignoring the possible threat of the supply chain is not a option worth taking. Billions of UK pounds are lost to cybercrime, don't be the next victims.

The British Airways cyber attack and the 2020 USA federal government data breach demonstrate cyber capabilities of criminals gaining entry through the supply chain.

It is important that due diligence is taken to understand the security governance of your provider, supplier before introducing any products, services and systems to your buildings that can infiltrate your IoT Tech ecosystem.

Building systems designed to operate and monitor HVAC, Lighting, Fire Systems, Access Control, Energy Systems and smart building tech integration can all be a backdoor for cyber criminals to gain access.

The current trend we are seeing for data for building and service utilisation and performance trends, could be the gateway cyber criminals are seeking.

Product manufacture, system design, installation, ongoing servicing and software updates and development could provide opportunities for cyber criminals to gain entry to your company, organisation systems and onto their valuable data and information.

The entry point may be left open deliberately or as a result of unknown bad design and error by manufactures. Data breaches, information loss, drop in performance or stoppage of building operations can all be a result of poor supply chain security diligence.

Cloak – & – Dagger

Mystery, intrigue and secrecy is the glamorous view of cybercrime held by some. Reality is different pain, hurt, suffering and loss.

To understand why cybercrime is so prevalent in today’s workplace you need to understand those behind the crimes. Anyone with the capability and desire to commit cybercrime can go down the slope of criminality. Types of well documented offenders include the below.

Young Person mischievous, playing pranks, being naughty, experimenting with their computer skills. 

Activist aggressively targeting those who do not align with their religious, social or political views and beliefs.
Disgruntled Employee who is dissatisfied with their job.

Stalker with an unhealthy fixation on a company, organisation or individual, intent on doing harm or destruction.

Hacker sometimes part of a hacking group, who use their expertise to gain entry and access to info/data. They are not always looking for financial gain.

Criminal Gangs who specialise in cybercrime, with financial gain there target, who sometimes offer Cybercrime -as a service.

State Actors engaged in cyber warfare or economic gains, manipulation.

Chameleons with the ability to change their true colours, looking like any of the above offenders of cybercrime, with the intention of hiding their true identity and intent.

HELP is out there

The UK independent authority on cyber security the National Cyber Security Centre NCSC based in London, combines professional prowess of other well known cyber identities in the UK, providing guidance and support for SME’s, companies, organisations and the public. They actively work with the intelligence and security agencies both at home in the UK and internationally.

Take a look at the NCSC website for some great guidance for Supply Chain Security.

Thought … Are we moving to fast and putting our heads in the sand in regards to what can go wrong … Think Cybercrime

Bringing it all together

Cybercrime is growing and not showing any signs of stopping. Seeking advice and guidance on cybercrime with security professionals within your company, organisation or external can be the difference between being exposed or being safe. Protecting your brand, credibility, image, people, property and financial loss should be your first thought when you procure IoT Tech products and services from your supply chain

Latest Posts