Navigating Exposed Supply Chain Vulnerabilities: The Tariff Wake-Up Call

In the midst of widespread supply chain adjustments and vendor shakeups across industries, businesses must begin proactively securing their digital and physical infrastructures.

Armor Point Ven Auvaa Headshot

Foreign policy has always been a rocky and somewhat uncertain landscape to be navigated by American businesses, but it has arguably never been more chaotic and unpredictable than it is at this moment. Even sensible solutions have the potential to create new challenges: As new tariffs disrupt global trade and force supply chain executives to reevaluate vendor relationships, operational infrastructure and budget allocations, they may be simultaneously exposing critical cybersecurity weak points across the supply chain.

With both cyber defenders and bad actors now leveraging advanced artificial intelligence tools, the deciding factor in which side prevails comes down to eliminating preventable vulnerabilities. Organizations theoretically may possess something nearing complete control over their own cybersecurity infrastructure, but they may be exposed to – and perhaps completely unaware of – weaknesses introduced by third-party vendors and outdated risk management strategies.

In the midst of widespread supply chain adjustments and vendor shakeups across industries, businesses must begin proactively securing their digital and physical infrastructures. With economic uncertainty and supply chain restructuring appearing to be the new normal for the foreseeable future, the onus is on supply chain leaders to prevent new or restructured vendor relationships from putting their organizational cybersecurity at undue risk. So how do businesses, supply chain leaders and cybersecurity teams manage the challenge?

Why tariffs exacerbate the risk involved with third-party vendors

The first step in addressing supply chain vulnerabilities is fully understanding them. The latest tariff rollouts are forcing many businesses to rework vendor relationships, data center strategies and overall operational infrastructure. In the rush to adapt, cybersecurity is often overlooked, leaving gaps that attackers are quick to exploit.

A cyberattack has the potential to do far more damage to a business than data theft alone. It can stop shipments, shut down systems and create compliance headaches. Many organizations rely on external software, payment processors and logistics tech, creating a hyper-connected supply chain in which even one compromised partner can disrupt the entire flow.

Businesses that fail to properly vet their vendors for security are throwing the back door wide open to threat actors. Third-party vendors are arguably an operation’s biggest vulnerability under the best of circumstances, and that risk will grow as teams bring on new partners to manage the ongoing tariff fallout.

Knowing the tools (and tricks) of the cyberattacking trade

Artificial intelligence development has become a sort of technical arms race between cybersecurity teams and threat actors, with each side having access to many of the same technologies, techniques and know-how as the other. Bad actors are now searching more assiduously than ever for vulnerabilities, outdated software and undetected weak points within a business’ cybersecurity infrastructure, which, by extension, may include that of its third-party supply-chain vendors.

But even if they are working with similar resources, defenders and bad actors are held to vastly different standards. A cybersecurity team must perform at a 100 percent success rate or risk potentially catastrophic fallout. Attackers, on the other hand, only need one data breach across all their efforts to complete their mission. Weak oversight of new vendors, internal shortcuts, one exposed link – any of them can tip the balance fast.

And because phishing scams are getting smarter and more personal – they are going back to social engineering, but with AI upgrades – businesses must be on high alert. Defenders and attackers aren’t fighting a battle of AI tools that cancel one another out. Threat actors are targeting human vulnerabilities with fake emails from vendors, spoofed IT team calls and deepfake voicemails from “executives” that are more sophisticated and convincing than anything previous generations of cyberattackers were able to muster. Teams need to know how to spot the red flags and appropriately train their employees.

How businesses fight back against tariff-driven cyber threats

Although cybersecurity in a post-tariff business environment may sound dire, there are measures businesses can take to mitigate risk, especially with regard to supply chain vulnerabilities and third-party exposure.

First, and perhaps most important, is training. Not only should an organization’s own employees receive ongoing cybersecurity education, but businesses should make third-party agreements contingent on vendor-employee training that helps ensure stakeholders otherwise outside their control are doing their part to protect the supply chain cybersecurity infrastructure. As AI-driven cyberattacks grow more clever and more difficult to detect over time, a little bit of regular training goes a long way.

Additionally, supply chain leaders must recognize that cybersecurity can’t be left up to an IT department alone. In-house IT teams are rarely equipped to manage the modern breadth of cybersecurity risks and their constantly evolving nature. Security must be built into procurement, vendor onboarding and budget planning. That means cross-functional alignment and threat-sharing, with clear processes to assess, monitor and respond to risk across the supply chain ecosystem.
