In early 2025, the U.S. government announced new tariffs aimed at Canada, Mexico, and potentially the European Union. While the tariffs on Canada and Mexico are temporarily on hold, businesses are already adjusting supply chains to prepare for the financial impact. Trade policies like these cause ripple effects across industries, and cybersecurity often takes a hit in the process.
Global supply chains rely on trusted partners, established security protocols, and predictable logistics. When tariffs force businesses to seek new suppliers, they may overlook cybersecurity in the rush to maintain production. This article explores how these changes create new vulnerabilities and what companies can do to protect themselves.
1. Overview of Recent Tariffs
The U.S. tariffs primarily target manufactured goods, raw materials, and select technology components.
Key Details:
- Canada & Mexico: 25% tariffs on manufactured goods, 10% on energy products (temporarily on hold)
- China: 10% tariffs on various imports
- EU: Potential future tariffs under discussion
- Reasoning: Economic leverage, border security, fentanyl trade concerns
These tariffs are part of ongoing geopolitical strategies that seek to pressure trading partners into economic or policy concessions. While these policies aim to protect domestic industries, they also disrupt the flow of goods and services, forcing businesses to find alternatives quickly.
2. Impact on Supply Chains
Tariffs increase costs, leading businesses to seek alternative suppliers. Many will look for partners outside affected regions or shift manufacturing in-house. These shifts come with consequences:
Disruptions & Adjustments:
- Supplier Changes: Companies rush to onboard new suppliers without fully vetting security practices.
- New Trade Routes: Goods may now pass through unfamiliar logistics hubs with different regulations and security risks.
- Third-Party Risks: More reliance on third-party service providers increases exposure to cyber threats.
Example: A Manufacturing Company Adapts
A U.S.-based electronics manufacturer previously sourced components from a trusted supplier in Canada. Due to tariffs, they switch to a new provider in Southeast Asia. The new supplier uses outdated security protocols, exposing sensitive design files to potential cyber theft. Weeks later, counterfeit versions of their products appear in the market, potentially damaging the company’s reputation.
3. Cybersecurity Risks Arising from Trade Disruptions
When companies adjust supply chains, they often do so quickly. Cybercriminals exploit these rushed transitions. Here are the top risks:
1. Phishing Attacks Targeting Uncertainty
Employees receive emails appearing to be from new suppliers or logistics partners. These emails contain malicious attachments or fake invoices, tricking recipients into revealing credentials or financial information.
Example: A logistics company handling new trade routes receives an email from what appears to be a customs office. The email requests a password reset for their tracking system. An employee, unaware of phishing risks, enters credentials, allowing attackers to hijack the company’s entire tracking system.
2. Supply Chain Attacks
New suppliers may have weak cybersecurity, making them easy targets for attackers who can compromise their systems and inject malware into products.
Example: A car manufacturer shifts to a new parts supplier. Months later, vehicles start experiencing software malfunctions. Investigators discover that malware was injected at the firmware level, allowing attackers to access vehicle systems remotely.
3. Data Breaches from Weakened Security Protocols
New partnerships often involve data sharing. When suppliers lack strong cybersecurity policies, sensitive information becomes vulnerable.
Example: A pharmaceutical company partners with an offshore chemical supplier. The supplier lacks encryption standards, leading to a data breach where proprietary drug formulas are stolen and sold on the dark web.
4. Case Studies
Case 1: NotPetya’s Supply Chain Disruption
In 2017, the NotPetya ransomware attack exploited weak security in supply chains, causing over $10 billion in damages. A single compromised accounting software update led to widespread infection, affecting major corporations, including shipping giant Maersk. The incident highlights the risks of trusting unvetted software or services.
Case 2: SolarWinds Hack
The 2020 SolarWinds attack showed how attackers could infiltrate widely used business software. By compromising updates from a trusted provider, hackers gained access to major corporations and government agencies, reinforcing the need to scrutinize software supply chains.
5. Strategies for SMBs to Mitigate Cyber Risks
Small and medium-sized businesses (SMBs) often lack dedicated security teams, making them prime targets. Here’s how they can protect themselves:
1. Vet New Suppliers Thoroughly
- Conduct security audits before signing contracts.
- Require cybersecurity certifications (ISO 27001, NIST, etc.).
- Implement supplier security agreements.
2. Secure Data Transfers
- Use encrypted communication channels.
- Avoid sending sensitive data over email.
- Require two-factor authentication (2FA) for access.
3. Train Employees on Cybersecurity Risks
- Teach employees how to spot phishing attempts.
- Run regular cybersecurity drills.
- Limit employee access to sensitive data.
4. Strengthen Incident Response Plans
- Develop clear protocols for responding to cyber incidents.
- Regularly update backup and disaster recovery plans.
- Monitor network activity for suspicious behavior.
Example Code: Automating Supplier Security Checks
For businesses using Python, here’s a simple script to check if a supplier’s domain has been reported in cybersecurity databases:
```python
import requests


def check_supplier_security(domain):
    """Fetch the VirusTotal v3 report for a supplier's domain."""
    url = f"https://www.virustotal.com/api/v3/domains/{domain}"
    # Replace the placeholder with your own VirusTotal API key.
    headers = {"x-apikey": "YOUR_API_KEY"}
    # A timeout keeps the check from hanging if the API is unreachable.
    response = requests.get(url, headers=headers, timeout=10)
    if response.status_code == 200:
        return response.json()
    else:
        return "Error fetching data"


supplier = "newsupplier.com"
print(check_supplier_security(supplier))
```
This script uses VirusTotal’s API to verify if a domain has been flagged for cybersecurity issues before engaging in business with a new supplier.
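The script above returns the raw report, so a second step has to turn it into an onboarding decision. The following is an added example, not part of the original article and not VirusTotal's own code: it reads `last_analysis_stats` and `creation_date` from a v3 domain report, and the thresholds, verdict names and sample report are assumptions constructed for illustration.

```python
import time

# Assumed policy values for illustration; tune them to your own risk appetite.
MAX_SUSPICIOUS = 0          # any suspicious verdict sends the domain to review
MIN_DOMAIN_AGE_DAYS = 90    # very young domains get a manual look
MIN_ENGINES = 10            # too few engine results means "not enough data"


def assess_domain_report(report, now=None):
    """Turn a VirusTotal v3 domain report (dict) into (verdict, reasons).

    Verdicts are "block", "review" or "pass" (names chosen for this example).
    Anything that is not a well-formed report is sent to review, never passed.
    """
    now = time.time() if now is None else now
    if not isinstance(report, dict):
        return "review", ["no report returned (lookup failed or domain unknown)"]
    attrs = report.get("data", {}).get("attributes", {})
    stats = attrs.get("last_analysis_stats")
    if not isinstance(stats, dict):
        return "review", ["report has no last_analysis_stats"]

    reasons = []
    malicious = stats.get("malicious", 0)
    suspicious = stats.get("suspicious", 0)
    if malicious > 0:
        return "block", [f"{malicious} engine(s) flag the domain as malicious"]
    if suspicious > MAX_SUSPICIOUS:
        reasons.append(f"{suspicious} engine(s) flag the domain as suspicious")
    if sum(stats.values()) < MIN_ENGINES:
        reasons.append("too few engine results to trust a clean verdict")
    created = attrs.get("creation_date")  # epoch seconds, may be absent
    if created is None:
        reasons.append("registration date unknown")
    elif (now - created) / 86400 < MIN_DOMAIN_AGE_DAYS:
        reasons.append(f"domain registered under {MIN_DOMAIN_AGE_DAYS} days ago")
    return ("review", reasons) if reasons else ("pass", [])


# Constructed sample report, trimmed to the fields used above.
SAMPLE = {"data": {"attributes": {
    "creation_date": 1735689600,  # 2025-01-01 00:00:00 UTC
    "last_analysis_stats": {"harmless": 60, "malicious": 0,
                            "suspicious": 1, "undetected": 30, "timeout": 0},
}}}

if __name__ == "__main__":
    print(assess_domain_report(SAMPLE, now=1738368000))  # evaluated 2025-02-01
```

A "pass" here only means no reputation feed has flagged the domain yet; it does not replace the supplier audits and security agreements listed in section 5.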
6. The Role of International Cooperation
No country can tackle cybersecurity threats alone. Governments and businesses must work together:
- Information Sharing: Organizations should share threat intelligence to detect attacks early.
- Cross-Border Cyber Agreements: Nations should collaborate on cybersecurity regulations to ensure consistent security standards.
- Public-Private Partnerships: Governments should work with private sector experts to create more robust security frameworks.
Trade tariffs force businesses to adapt quickly, but rushed changes can expose them to cybersecurity risks. Companies must approach new partnerships with caution, vet suppliers thoroughly, and prioritize cybersecurity alongside cost-saving measures.
The reality is simple: No deal is a good deal if it opens the door to cybercriminals. SMBs, in particular, should treat cybersecurity as a critical part of their business strategy, not just an afterthought. By taking proactive steps, businesses can protect themselves from both economic and digital threats in an evolving trade landscape.
Martin Baker
Martin Baker, Managing Editor at Decoded.cc, harnesses a decade of digital publishing expertise to craft engaging content around technology, data, and culture. He leads cross-functional teams, enforces editorial excellence, and transforms complex ideas into accessible narratives—fueling Decoded.cc’s growth and impact.