Going the Distance: Securing Supply Chains From Cyber Attack
All over the world, business are achieving their goals with more ease than ever before, thanks to digital disruption. Ambitions that would have taken decades to achieve in the past can now be attained in significantly less time, whether you are expanding globally, automating low-level tasks or scaling up. But this digital awakening has also made businesses vulnerable to cyber crime. According to the Federal Bureau of Investigation, U.S. businesses suffered $12.7 billion in financial losses in 2018 alone, and the hits keep coming.
The same connected world that gave us new customers and revenue streams has become an increasingly threatening landscape, and no industry is safe. Digitized companies of all shapes and sizes are vulnerable to security breaches, even without a data breach. In May, it was revealed that First American, a national real estate and insurance company, exposed 885 million sensitive customer financial records because the information was improperly stored. One month later, a data breach at Capital One bank exposed the personal and financial information of 106 million Americans.
Today’s supply chains are among the most exposed to the risks of digital disruption. A recent report released in conjuction with Censuswide, "The Future of the Supply Chain," revealed that cyber crime is considered one of the most acute threats to supply chains, supplanting other disruptive forces, including political uncertainty, trade wars and adverse weather events. The complexity and multi-layered nature of supply chains have made them an obvious mark for attack as well as one of the most complex targets to defend.
Overwhelmed by complexity
Supply chain executives are not blind to the threat of cyber attacks. More than 50% of organizations surveyed in the report say that cyber crime is one of the biggest causes of supply chain disruption. Ransomware and malware attacks, in particular, have crippled supply chains from the U.S. to Ukraine by mimicking routine updates. Global shipping giant Maersk was debilitated in 2017 when ransomware NotPetya was released on its update server. In 2018 Asus suffered a similar attack when malware was used to piggyback on the company’s Live Update tool, infecting more than a million computers.
Yet, as these incidents proliferate, many companies still lack a firm course of defense and are risking everything. Global supply chains are the most in need of firm strongholds. Covering half the world with both physical and digital connections, supply chains can include primary, secondary and tertiary manufacturers and dozens of other parties across land and sea. Over half (58%) of the organizations surveyed said they had five or more companies in their supply chains, with 14% having more than 50. That’s more than 50 potential nodes of disruption, expanding the attack surface for cyber criminals.
How can any business overcome these odds to safeguard the supply chain?
Mounting a coordinated response
Beating off a technological threat requires even better technology. As many as 44% of supply chain experts surveyed said that state-of-the-art technology would be their first lines of defense against future threats. The importance of investing in a baseline defense cannot be overstated. Cyber security technology can keep an eye on major security threat vectors, carry out protection, detection and response, and be deployed in a variety of different ways. Their versatility also allows businesses to coordinate and strategically monitor for threats throughout the supply chain.
Companies must also learn from businesses that have fallen victim to an attack within the last five years. Every breach from Maersk to Capital One provides a blueprint for what cyber criminals are capable of and how companies can shore up within their own processes.
Third, consider planning technology. Only 37% of businesses who spoke with Vuealta considered planning technology a defense against cyber attacks. But this oft-overlooked tool can ensure that organizations have a robust approach in place to manage their supply chains. Whatever specific risks an organization may face, it will need a clear view of its operations in order to grasp how external threats infiltrate and upset operations. Only then can they build a reliable defense with realistic and actionable responses. And though it may seem daunting, planning is even more effective when it is coordinated across organizations and markets.
Seeing with clarity
When all parties in a supply chain work in and across different platforms, there are hundreds—if not thousands—of entry points for hackers to take advantage of. Managing and protecting all endpoints from an attack requires incredible visibility. Connected planning platforms enable businesses to look at the entire supply chain and get a clearer grasp on weak points and defenses, no matter how large the attack surface may be.
Also increasing the risk of cyber-attack is the speed at which a cyber attacker can take hold. According to a report from CrowdStrike, organizations may have as little as 18 minutes and 49 seconds to respond to an attack, due to their pace and sophistication. Solutions must be able to respond with even better speed and agility. In concert with cyber security technologies, planning technology pinpoints how decisions flow in a business and allows organizations to pull from a variety of data sources to formulate and adapt plans.
It has never been more important for organizations to pursue that visibility and mount its defense against a growing list of threats. For every leap that a business makes, a cyber-attack can pull it right back, inflicting serious harm to its finances and reputation and even its customers’ well-being. Global supply chains, in particular, are at risk of attacks as boundless as its operations. The breadth and scope of today’s supply chains are a security challenge, presenting cyber criminals with multiple nodes of attack that can do swift damage across borders. But this challenge is surmountable. Planning process and technologies allow decision makers in supply chains to manage and coordinate increasingly complex networks, and respond to threat events as they occur. With a thorough plan in place, businesses can return to their ambitious plans while warding off the risks of digital disruption.