Last December, in the midst of the busy pre-Christmas rush, about 300 Spar newsagents in the UK were effectively shut down due to a crippling ransomware attack. Card payments, ordering systems and email were all brought down. Some stores had to close their doors altogether, while others were able to maintain a basic service, but with a greatly amount of stock on the shelves.

The problem was traced back to their wholesaler, James Hall and Sons, who were affected first, with the attack worming its way into the Spar network.

And one of the largest data breaches in history, on the Target retail store in the US, happened via an attack on their HVAC supplier, with details of 110 million customers being stolen, and Target suffering a massive reputational and financial impact.

A supply chain cyber attack is where a company gets attacked via an attack on their supplier or vendor and these methods are increasingly being used as a way to get at a target company through indirect means.

Many businesses, particularly smaller enterprises, still don’t understand the risks of cyber attacks, or worse, that they are ‘too small’ to be attacked. Depending on the nature of your business, an attack may not be about you at all, but instead be a way to get access to information about a client. Even if you don’t have direct access to a clients computer systems, an attacker may be able to leverage data on your systems for other purposes, such as launching very convincing phishing mails against that client.

So when considering the impact of a cyber attack, look past the impact to your own company and consider what data you hold for others, and what potential risk there would be to clients if it were misused.


I work with small and medium enterprises to improve their security against online attack. If you are interested in discussing your security or taking steps to reduce your risk, feel free to reach out to me.