Supply Chain Council of European Union | Scceu.org

Cyber breaches on supply chain are growing 37% every year – how to secure it against attackers

Even in the best of times, supply chains are the most sensitive and vulnerable part of a business process. On top of the disruptions caused by the pandemic and the Ukraine-Russia war, cyberattacks are now affecting supply chains too.



In March 2022, the McKinsey Quarterly Global Survey identified global supply chain disruptions as a serious business risk for the first time. Apart from geographic or political instability, a high level of cyber risk vulnerability is adding to the crisis.

Deloitte’s Cyber Threat Intelligence did a deep dive on the cyber risks that companies faced in their supply chains at the height of the pandemic, and the results are shocking.


Average cyber breaches on supply chains going up by 37%


As many as 40% of all manufacturing brands faced cyber outages to their operations during the pandemic. BlueVoyant Research’s second Annual Global Survey into Third-Party Cyber Risk Management says, “97% of firms surveyed have faced negative impacts due to a cybersecurity breach in their supply chain.”

It also said that the average number of breaches in weak supply chains has been increasing by 37% year on year, and the growth trend is expected to continue in 2022 as well.

The European Union Agency for Cybersecurity (ENISA) report, Threat Landscape for Supply Chain Attacks, which analyzed 24 major attacks, showed that even having strong security in place is not adequate.

Supply chain cyber attacks may go undetected for long periods while continuing to inflict damage on their host. With a steady increase in the sophistication and novelty of cyber-attacks, this could mean millions of dollars drained before the company even becomes aware of the vulnerability. Since a supply chain platform houses vendors, customers, and all production and distribution data, this could be very dangerous.

They’re coming for your customer data


The ENISA report says that two-thirds of all attacks came through chinks in supplier code. This immediately identifies the problem and points to the solution: better validation and verification of supplier code for security tampering.

Almost 60% of attacks target customer data, which could mean complete annihilation of the business if successful. So clearly, better control of PII (Personally Identifiable Information) needs to be in place.

Clearly, between supplier code and customer identity data, organizations need to implement much stronger checks and balances on code, ID, and access data.

Here are a few things CISOs can do to secure their supply chain in these trying times:

  1. Every supply chain element should have a cyber security maturity assessment exercise. While innovation in the supply chain process is welcome, there is a real need to perform a risk assessment for modules or functionalities regularly. This assessment should cover every new point on the supply chain platform: OT environment, business networks, control systems, and products, and of course advanced IT protection metrics like IP protection, control systems, and even third-party risks. In addition, an inventory of all assets should be securely maintained, and it needs to include patch-relevant information.
  2. Act upon the assessment insights: the results of this assessment need to be analyzed for doable activities and put into action immediately. They should be the base for creating a secure supply chain risk minimization strategy. The risk should be brought to the notice of corporate leadership so that appropriate action can be taken to secure the operations. Risk criteria for both suppliers and customers (software dependencies, risk points, loss of critical access control) all need to be identified and documented.
  3. Establish a leadership-level cybersecurity governance programme: to ensure that proper governance structures are established, and to monitor the risk appetite and resiliency of the organization’s OT, including its supply chain.
  4. Digital support for the tech transformation: while digital transformation has been a buzzword for a couple of years now, the pandemic and then the Ukraine attack have crunched the timelines, and it is now an issue of survival. Getting digitally transformed is a big leap towards a more secure, robust, and resilient supply chain platform, across sectors.

All suppliers and service providers need to be screened stringently, and their access data and supplier code should be carefully validated, since the source of an attack is often difficult to identify. The same goes for customer ID data. All asset data shared with suppliers needs to be classified and documented, and the relevant procedures for its security need to be clearly defined and documented.

Despite these checks in place, the threat from cyber miscreants is always present. The cyber threat landscape is constantly evolving, and vulnerability could be housed anywhere. It is the need of the hour for both the decision-makers as well as technology users to ensure no data is breached while keeping in mind the safety of users of the tool.
