Cybersecurity and Supply Chain Risks

As supply chains become increasingly digitized, the risk of their being undermined by cyber attacks also increases, making cybersecurity vital to supply chain health.

Digital transformation is crucial for supply chains going forward. If they are to keep up with the market demands that are placed upon them, they need the efficiency, productivity, and precision digital tools bring with them. However, with the considerable upside of digitization also come risks.

Supply Chain Digital recently released an article outlining just how significant a challenge cybersecurity has become for supply chains, stating,

Research from Ponemon Institute indicates that cybersecurity is a growing supply-chain challenge, with 56% of organisations reporting to have had a breach that was caused by one of their third-party vendors.

That means more than half of those in the supply chain industry have dealt with cyber attacks already. That is a hugely concerning number and all the more reason for companies to make cybersecurity a priority. With that said, in order for companies to have optimal cybersecurity, they need to pinpoint the areas that present the greatest risk.

This week’s article by Morai Logistics highlights some of the most significant cybersecurity threats supply chains face today.

Software

A vast majority of companies use software for their supply chain operations that isn’t their own. That means they have to rely on software provided to them by a third party. As a result, there are many avenues through which they can be compromised. The software itself has to be diligently vetted to make sure that it can’t cause harm, but the threat doesn’t end there.

Each software update can bring with it a renewed risk. What’s more, often these updates are automatic, making it impossible to assess them before they’re already up and running. Finally, software issues can even arise from someone from a third party being brought in to run diagnostics, and it’s hard to know what they’re bringing in as they plug their laptops into a company’s supply chain network.

Hardware

Much in the same way as software, hardware is rarely built in its entirety in-house. It’s far more likely that companies will use hardware that isn’t their own, opening themselves up to cyber vulnerability. Each device or piece of equipment has the potential to be used to steal data or seize control of the system it’s being operated on. Thus, just like with software, third-party providers have to be stringently reviewed.

Network Services

The network service a company uses to host its digital traffic, if public, has the potential to have bad actors on it who can hijack company data. In turn, the company’s operations can be severely compromised. However, the solution to this is straightforward: the use of private networks.

Other Threats

The list of other potential threats is extensive. Cloud computing, the Internet of Things (IoT), and third-party vendors are all areas from which cyber attacks can arise. It’s worth touching upon the first two.

The risk of using a cloud for shared data storage is that it’s an easy target for hackers. What’s more, many devices’ default setting is to link their data to a cloud, providing an easily overlooked vulnerability. Similarly, the IoT can be a cybersecurity risk. A security camera, for example, when connected to the internet can be accessed remotely by malicious actors, who, in turn, can spark a considerable privacy breach.

The simple fix for these issues and others is to take a safety-first approach. Rather than rushing to adopt new technologies, software, and devices, companies need to carefully assess each of them. Only after thorough inspections, and once safety protocols and safeguards are in place, should these new elements be adopted.

Relying on many moving parts and technology, today’s supply chains are especially vulnerable to cyber threats.

Just a couple of weeks ago, Ukraine was hit with a vicious cyberattack that severely damaged its computer infrastructure. Dubbed ‘NotPetya’, the computer worm responsible is also believed to have shut down ports, factories and offices across an estimated 60 countries.

The attack is just the latest in a growing number of international cyber attacks and data breaches. Several high-profile retailers and their supply chains are among that number.

Cyber attacks may be relatively new, but their impact on global supply chains keeps growing. A compromised system only negatively affected some individuals in the past. However, recent news reminds us that the scale is much bigger these days. An entire section of global commerce can be shut down or compromised with only a few computers. For that reason, we are dedicating this post to covering the impact cyber threats have on supply chains.

Short History but Big Impact

Although they have a large impact today, cyber threats are a relatively recent phenomenon. The first recognized attack, according to NATO Review Magazine, was by the Morris worm in 1988. It spread across several US computers, gradually slowing them down until they were unusable.

Cyber attacks really started making international headlines during the early 2000s. Before then, such attacks were usually the result of one or a few individuals. During this timeframe, they became systematic attacks against large organizations and governments.

Some notable examples are:

  • Plans for new US space launch vehicles being stolen by foreign hackers (2006)
  • Spyware was found in the computers of classified departments and corporate leaders when the China Aerospace Science & Industry Corporation (CASIC) intranet network was surveyed (2007)
  • The Canadian Finance Department and Treasury Board were forced to disconnect from the internet after a major cyber attack was conducted against the country’s Department of National Defence (2011)

The Cost of Unsecured Networks

It’s been estimated that data breaches and cyber attacks currently cost the international community $2.1 trillion annually. That number is set to increase as technology improves and hackers become more resourceful.

Two recent examples of retailers suffering from costly breaches are:

  • Target (2013)—the data of 110 million customers and at least 40 million payment cards were stolen. The attackers got in by stealing the network credentials from one of its vendors.
  • Home Depot (2014)—like the Target attack the year before, the people responsible stole the credit card information of its customers. The weak point was also a third-party vendor.

In just about every case, businesses incur losses in terms of financial penalties, legal costs, loss of consumer confidence, and a decreased stock price. The worst effect is the hit to the organization’s reputation.

On average, a U.S. business that suffers such a data breach can expect to lose around $6.5 million when all is said and done.

With cyber attacks being a threat to organizations big and small, everyone needs to re-evaluate the security measures they have in place. Ignoring the problem is too costly and simply too dangerous for everyone. Reuters contributor Tom Miles explains:

The degree of interconnectivity of networks implies that anything and everything can be exposed, and everything from national critical infrastructure to our basic human rights can be compromised
