Supply Chain Council of European Union | Scceu.org

Rethinking Cybersecurity: Hidden vulnerabilities in the supply chain





“They first went after our gas and then they went after our hot dogs.”

That’s Christopher Krebs’ accounting of recent cyberattacks on Colonial Pipeline, the biggest U.S. fuel pipeline, and JBS USA, one of the world’s largest meat packing companies. Krebs is the former director of the federal Cybersecurity and Infrastructure Security Agency.

He went on to tell NBC: “No one is out of bounds here. Everyone is in play.”

Just a day later, the Biden administration put cyberattacks on a par with terrorism. It also said that all companies large and small need to determine how to confront this threat to their operations and even future viability. That’s a warning that Walmart, Target, Equifax and many others would double down on after surviving their own cyberattacks in recent years.

This is not a practice drill.

Three years ago, cyberattacks cost the world’s companies upwards of $600 billion, according to the cybersecurity protection firm McAfee. Needless to say, cybersecurity has become an even bigger business lately, with the rate of attacks increasing during COVID-19. And some estimates of its cost have now hit the $6 trillion annual level. Quite simply, cyberattacks are an exponentially high-growth business.

With the increasing scope and proliferation of these attacks, it is all hands on deck at many firms. Other than IT, no individual department is more affected by these attacks than supply chain management. More than 60% of cyberattacks launched against publicly traded U.S. companies in 2017 were supply chain-based, meaning attackers launch their assaults at firms by first compromising one of their supply chain partners and then using them as a launching pad.

As supply chain networks become increasingly connected, it has become common for hackers to compromise one firm, steal login credentials to their supply partners’ back-office systems and then breach the partner. And just as no company is out of bounds here, no supply chain partner is too insignificant to be the conduit for a cyberattack. Smaller firms are often targeted because they have fewer resources dedicated to cyber-defense, making them more susceptible to attacks. It doesn’t even matter to the attackers that smaller suppliers may not have a large trove of customer information or valuable financial assets. Instead, and often more valuable, many possess login information that, if stolen, attackers can use to penetrate back-office systems of the larger firms with more resources.

 
