Following the UK Government’s new supply chain cybersecurity guidance, Northdoor plc has raised concerns that the recommendations fall short in helping businesses defend against sophisticated ransomware attacks.
While the guidance, developed with the Counter Ransomware Initiative and its Private Sector Advisory Panel, encourages organisations to strengthen defences, it does not address hidden vulnerabilities within extensive third- and fourth-party networks. Northdoor calls for smarter, tech-driven approaches that equip companies with actionable tools to secure complex supply chains effectively.
AJ Thompson, Chief Commercial Officer at Northdoor plc, commented:
“There is little doubt that supply chain attacks are now the most effective method cybercriminals are using to gain access to data and systems. The attacks against high-profile targets over the past few months should have acted as a wake-up call to all businesses.”
“The issue is that most supply chains are now so large and complex, understanding where vulnerabilities lie within third parties or even further down the line is for most an impossible task. Therefore, advice from the Government is welcomed, but it needs to be more proactive, less bland, than what we have seen so far.”
“Without insight as to where the weaknesses lie within supply chains, companies are essentially leaving the back door open, no matter what they spend on frontline defences.”
Northdoor is calling for a shift away from outdated, questionnaire-based risk assessments toward AI-driven solutions that offer a 360-degree view of supply chain vulnerabilities. These technologies can provide real-time, actionable intelligence, something traditional methods simply cannot match.
“The Government and companies need to appreciate that the response to supply chain attacks needs to be on par with the sophistication that the cybercriminals are using,” Thompson added. “This doesn’t mean huge expense, but it does require a new mindset.”
The alert comes as the UK also signs a new UN treaty on countering cybercrime, another step in the right direction, but one that must be backed by practical, tech-enabled action if it’s to make a meaningful difference.