Skip to content

What is it? 

A digital supply chain attack is a cyber attack that seeks to damage an organisation by targeting less-secure elements in the supply chain. A supply chain attack can occur in any industry, from the financial sector, oil industry or government sector, making it crucial to prepare for. 

The online nature of modern businesses means that digital supply chains are becoming larger and more complex, making it increasingly difficult for companies in the chain to ensure they are protected. This is because they have no way of knowing what cyber processes and procedures others might have. This scenario looks to what you can do to mitigate these risks.

The exercise is split up into four injects with each inject containing multiple discussion points. This will allow organisations to review and refine their contingency plans if a cyber attack were to occur within their supply chain. 

The aims of this exercise are as follows:  

  • To investigate how your procurement process assures the security of suppliers.  
  • To determine what visibility you have of your data when it is stored by a third party.  
  • To think about what risks customer data is exposed to.  
  • To understand the complexities of your supply chain. Build an understanding of how supply chains can impact your security.  
  • To operate in a no-fault environment to check and test cyber security defences and capabilities. 

Why do it? 

Most organisations rely upon suppliers to deliver products, systems, and services. You probably have several suppliers yourself; it is how we do business. But supply chains can be large and complex, involving many suppliers doing many different things. Effectively securing the supply chain can be hard because vulnerabilities can be inherent or introduced and exploited at any point in the supply chain. A vulnerable supply chain can cause damage and disruption to an organisation and its customers. 

It is important for organisations to conduct cyber exercising to enable them to prepare for a potential cyber attack within their business and mitigate that threat as much as possible. 

Following the recent Colonial Pipeline attack that took down a major gas pipeline in America, a new attack surfaced that hit the American company, Kaseya. Hundreds of companies from all areas of business were directly hit by the supply chain attack, making it one of the biggest and far-reaching ransomware attacks in history. You can read our blog on this attack here: Threat intelligence: Kaseya – Scottish Business Resilience Centre ( 

Some of the benefits and key takeaways of cyber exercising include: 

  • Understanding actual versus perceived capabilities of people and technology. 
  • Figuring out where to invest budgets in training or new technology. 
  • Building muscle memory and reducing stress for security teams and management. 
  • Improving morale and team building. 
  • Meeting regulatory requirements. 

Who is it for? 

Exercise in a Box is aimed at any organisation, big or small, that are aiming to increase their cyber knowledge and perception. The digital supply chain affects every organisation in some shape or form. Understanding how a disruption impacts your organisation is critical in times of distress. Your supply chain may not be massive, but an attack on it may have massive implications for your company and customers. It is advised that organisations bring a diverse team and not just the IT department. This will ensure that more of the company is trained and not just a small part of it. 

You can sign your organisation up here: Scottish Business Resilience Centre Events | Eventbrite