We are thrilled to announce the launch of our highly anticipated Supply Chain Series of Events! Co-designed by our partners at the Yorkshire and Humber Warning Advice & Reporting Point (WARP) and HALO, this exciting initiative will be rolled out across the Northern WARP.
This series is thoughtfully crafted to engage not only technical professionals but also those in data protection and procurement/contract management roles. Spanning from April to November 2025, we will host five dynamic sessions that promise to deliver valuable insights and foster meaningful discussions.
In recent times, the public sector has faced an alarming surge in supply chain attacks, underscoring the need for heightened vigilance and cooperation. Last year alone witnessed a string of high-profile incidents, including the devastating Synnovis attack.
On June 3rd 2024, the Synnovis partnership, comprising Guy’s and St Thomas’ NHS Foundation Trust, King’s College Hospitals NHS Trust, and SYNLAB, fell prey to a ransomware cyberattack. The resulting IT crisis crippled the organisation’s capacity to process samples, inflicting a staggering estimated loss of £32.7m. This crippling blow not only disrupted profits in 2024 but also had a lasting impact on the organisation’s bottom line, with projected losses extending into 2025.
As detailed in accounts filed on Companies House, the estimated direct losses for 2024 stood at £32.7m, comprising £5.6m in pay costs and £5.8m in non-pay costs. The Synnovis attack serves as a stark reminder of the dire consequences of supply chain vulnerabilities, emphasising the imperative for the public sector to adopt robust measures to mitigate such threats.
This highlights the urgent necessity for us to continuously advocate for best practices and foster a culture of learning in this critical area. It also underscores the importance of strengthening collaboration between our cyber and data protection experts and procurement and contract management teams.
In light of this, we are excited to launch our new series of events focused on addressing these challenges. Below, you’ll find a detailed schedule of all the upcoming sessions. Don’t miss your chance to participate — register now for the sessions that interest you.
Session 1: Introduction to Supply Chain Attacks and Vulnerabilities within Supply Chains (09th April)
In this session, delegates will learn about the growing threat of supply chain attacks and how to protect their organisations. This includes an introduction to supply chain attacks, exploring their definition, history, and real-world examples like SolarWinds and NotPetya. Delegates will then dive into identifying common vulnerabilities in supply chains, such as third-party software and weak links, and analyse case studies of recent attacks.
Finally, in an interactive session, attendees will have the opportunity to map out their own organisation’s supply chain, identifying critical suppliers and dependencies, and assessing their security posture.
Session 2: Preventative Measures (13th May)
In this session, delegates will hear essential strategies for enhancing supply chain security, starting with supplier due diligence and vetting, focusing on best practices for vetting new suppliers and conducting ongoing security assessments, along with frameworks for security evaluations and successful case studies. Delegates will then discuss how to integrate security requirements into the procurement process, including important legal and regulatory considerations.
Finally, attendees will have the opportunity to hear an overview of crucial security controls, such as endpoint protection and encryption, and introduce technologies that bolster supply chain security, including blockchain for transparency and AI for threat detection.
Session 3: Incident Response & Business Continuity (09th July)
In this session, delegates will learn about the essential elements of incident response and business continuity planning, including, outlining the key components of an effective Incident Response Plan (IRP) and the critical steps to take within the first 24 hours after detecting a cyber-attack. Delegates will then explore the relationship between incident response and business continuity, emphasising the creation and maintenance of a Business Continuity Plan (BCP) and considerations for operational resilience.
Finally, attendees will discuss how to conduct a post-incident analysis, highlighting the importance of documentation and reporting for preventing future incidents.
Session 4a: Advanced Threat Detection and Analysis (09th September)
In this session, delegates will delve into advanced threat detection techniques crucial for safeguarding supply chains, beginning with an overview of sophisticated detection methods, including machine learning and behavioural analytics, as well as the tools and technologies designed to identify complex supply chain attacks. Delegates will then take part in a hands-on workshop, analysing a simulated attack using advanced detection tools.
Finally, attendees will explore the role of automation in threat detection, supported by case studies showcasing the effectiveness of automated systems in enhancing security.
Session 4b: Building a Security-First Culture (10th September)
In this session, delegates will focus on cultivating a security-first culture within organisations, emphasising the importance of employee engagement and leadership involvement. Delegates will then explore techniques for promoting security awareness among employees, including the development of training programs and campaigns, whilst examining the critical role leadership plays in driving a security culture, highlighting best practices for effective leadership engagement in security initiatives.
Finally, attendees will discuss strategies for sustaining and evolving the security culture over time, including methods for measuring its impact and ensuring its continued relevance.
Session 5: Wargame – Supply Chain Attack Simulation (05th November)
In this session, delegates will participate in a dynamic wargame simulation that puts participants to the test. The wargame is divided into two parts: introduction and execution, first teams are briefed on the objectives and structure of the wargame, and are divided into technical and non-technical groups. Next, a simulated supply chain attack scenario is executed, and teams respond in real-time, applying the knowledge and skills gained throughout the year.
Finally, attendees will have the opportunity to partake in a debriefing session to discuss outcomes and performance, as well as a knowledge quiz to assess retention of key concepts.
If you would like any more information on the series, please contact the programme coordinator Billy Smith.