Stop trying to prevent every cyberattack. Start planning to survive one.



Iran-linked intrusions targeting defense software suppliers are a wake-up call for agencies and contractors, writes Gary Barlet, public sector CTO at Illumio.

Iran-linked hackers recently launched cyber activity across the networks of several U.S. organizations, including a software supplier serving the defense and aerospace industries.

As geopolitical tensions escalate, organizations should expect increased cyber activity targeting government agencies, contractors, and the supply chains that support them. Much of this cyber activity will be opportunistic rather than highly sophisticated – focused on exposed systems, weak credentials, or unpatched vulnerabilities.

Hacktivists and proxy groups may also attempt to amplify disruption through intimidation campaigns, creating psychological impacts.

However, in supply chain environments, even limited access can cause operational disruptions – with significant consequences.

Federal agencies and contractors must reduce their exposure by working with suppliers to adopt an “assume breach” mindset, strengthen visibility, and reinforce fundamental cybersecurity practices.

Assume breach

Preventing every cyber incident is unrealistic. The attack surface is too large and expanding too quickly for defenders to lock down every possible entry point. Supply chain attacks make this even harder, especially when malicious activity is delivered through trusted software updates or legitimate vendor access that organizations are designed to allow.

Agencies and contractors must adopt an “assume breach” mindset, in partnership with their suppliers. The goal isn’t to prevent every intrusion; it’s to limit the blast radius and maintain operations when prevention fails.

This requires a clear understanding of where agencies are exposed, how attackers can move laterally across connected systems, and which assets matter most to mission success. Once those paths are understood, protections can be prioritized where they will have the greatest impact.

An assume breach mindset puts speed and containment ahead of false confidence in prevention. Teams must be able to detect abnormal activity early and stop it before attackers can move laterally across the environment. When that visibility is missing, adversaries are free to operate undetected and expand their access.

The goal is resilience, not perfection: limiting impact and protecting mission-critical systems so that agencies and contractors can maintain operations during a cyber incident, rather than the illusion that every attack can be stopped.

Improve visibility

Contractors, agencies, and suppliers need a clear understanding of how systems connect, how data moves, and where external partners have access to operational resources. Without that visibility, malicious activity can blend into normal traffic until an attacker has already moved deep into the environment.

Mapping how systems and applications communicate establishes a baseline of expected behavior and exposes hidden dependencies between internal environments and external partners.

When that baseline exists, unusual connections and unexpected traffic stand out quickly — allowing teams to respond before a localized issue becomes a widespread disruption.
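The baselining approach described above, as an added example that is not part of the article or any Illumio product: a known-good window of application-to-application flows becomes the baseline, and later flows that fall outside it are flagged, with a higher severity when the unexpected destination is a designated crown-jewel asset. All host names, ports and flow records are constructed for illustration.

```python
# Added example (not from the article): build a baseline of observed
# application-to-application connections from flow records, then flag
# connections that fall outside it. Hosts, ports and flows are constructed.
from collections import defaultdict

# Constructed baseline: flows observed during a known-good observation window.
# Each record is (source, destination, destination port).
BASELINE_FLOWS = [
    ("web-frontend", "app-server", 8443),
    ("app-server", "db-primary", 5432),
    ("vendor-vpn-gw", "build-server", 22),    # supplier's approved access path
    ("build-server", "artifact-repo", 443),
    ("monitoring", "app-server", 9100),
]

# Constructed later traffic to evaluate against the baseline.
NEW_FLOWS = [
    ("web-frontend", "app-server", 8443),
    ("vendor-vpn-gw", "build-server", 22),
    ("vendor-vpn-gw", "db-primary", 5432),    # supplier host reaching a crown jewel
    ("build-server", "hr-fileshare", 445),    # build box reaching an unrelated system
]

# Constructed list of assets whose compromise would have the greatest impact.
CROWN_JEWELS = {"db-primary"}


def build_baseline(flows):
    """Map each (source, destination) pair to the set of ports seen between them."""
    baseline = defaultdict(set)
    for src, dst, port in flows:
        baseline[(src, dst)].add(port)
    return baseline


def find_anomalies(baseline, flows, crown_jewels):
    """Return flows absent from the baseline, tagged by severity.

    An unseen path to a crown-jewel asset is 'high'; any other unseen pair,
    or an unseen port on a known pair, is 'medium'.
    """
    findings = []
    for src, dst, port in flows:
        if port in baseline.get((src, dst), set()):
            continue  # expected behaviour, nothing to report
        severity = "high" if dst in crown_jewels else "medium"
        findings.append({"src": src, "dst": dst, "port": port, "severity": severity})
    return findings


if __name__ == "__main__":
    for f in find_anomalies(build_baseline(BASELINE_FLOWS), NEW_FLOWS, CROWN_JEWELS):
        print(f"[{f['severity'].upper()}] unexpected flow {f['src']} -> {f['dst']}:{f['port']}")
```

In practice the baseline would be built from real flow telemetry over a long enough window to capture legitimate periodic traffic, and reviewed with the supplier so that approved access paths are in it deliberately rather than by accident.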

Identify crown jewels

Agencies and contractors must prioritize protecting the systems that matter most. Identifying the crown jewels — the assets whose compromise would have the greatest operational impact — allows teams to focus defenses where failure is not an option, from critical infrastructure and sensitive data to mission-essential systems.

Suppliers often maintain operational access to internal systems, which can create potential entry points for adversaries. A compromise within a partner environment can quickly become a pathway into government networks if those connections are not carefully managed.

Understanding these dependencies allows agencies, contractors, and suppliers to prioritize protections around the systems and relationships that present the greatest operational risk.

And don’t overlook the fundamentals. Validate patches, eliminate default credentials, enforce strong multifactor authentication, reduce exposed services, and actively monitor logs and alerts. These basic steps close off easy points of entry and shore up systems attackers routinely exploit.

Alignment with Zero Trust architecture mandates, global standards like ISO 27001, and supply chain security requirements such as the Department of Defense’s Cybersecurity Maturity Model Certification (CMMC) is essential.

These frameworks move security from guidance to accountability, requiring suppliers to address known gaps and risks that might otherwise be ignored until an incident occurs.

Build supply chain resilience

Supply chains will remain a prime target, particularly during periods of geopolitical tension and instability. Managing that risk starts with an assume breach mindset, stronger visibility across interconnected environments, and clear cybersecurity expectations for suppliers, agencies, and contractors.

The goal is resilience — not perfection. By prioritizing protection of mission-critical systems, improving detection, and containing threats before they spread, agencies and contractors can limit disruption and sustain operations.

In today’s interconnected supply chains, that resilience isn’t just a security requirement — it’s essential to protecting federal missions and national security.