Supply Chain Now Guide: Protecting Supply Chains From Cyberattacks
In July, what is being called the “largest IT outage in history” grounded air cargo and travel and caused “substantial disruptions” to the networks of such supply chain giants as FedEx and UPS. While cybersecurity company CrowdStrike blamed the worldwide outage on a “software update” and not a cyberattack, the event illustrates the importance of taking measures to safeguard the supply chain systems we all rely on for the movement of goods and people.
Cybersecurity is Paramount in Digital Supply Chain
A Boston Consulting Group (BCG) report published in October 2023 said that “bad actors are using more sophisticated tools and techniques to exploit vulnerabilities in digital networks, and weak points can be difficult to detect. Companies with established cybersecurity capabilities are being compromised through less sophisticated third parties that are connected to their network.”
Today’s Supply Chain Remains Vulnerable to Cyberattacks
According to the Identity Theft Resource Center, the number of organizations targeted by supply chain cyberattacks skyrocketed by 2,600% between 2018 and 2023. Verizon’s 2024 Data Breach Investigations Report said there was a 68% year-over-year leap in the amount of “supply chain interconnection” involved in cyber breaches.
Among high-profile cyberattacks affecting the supply chain:
- In December 2020, Forward Air Corp. was forced to take its systems offline to prevent the spread of a ransomware attack.
- In September 2023, a ransomware attack caused outages for customers using technology provider Orbcomm’s fleet management services.
- In early October 2023, LTL carrier Estes Express reported a cyberattack knocked out nearly all of its technology capabilities, including its phone service.
Why Is It So Difficult to Build Resilience to Supply Chain Cyberattacks?
The BCG report said supply chain stakeholders have been able to minimize their cyber risks, but it’s a complicated process that involves collaborative leadership, a transparent risk management program, and accurate reporting of material weaknesses.
Three Strategies for Improved Supply Chain Cybersecurity
“It’s clear that supply chain cyberattacks are among the most urgent cyber threats companies face in 2024,” SupplyChainBrain said. “To address them, it’s vital that companies focus on comprehensive cybersecurity across the supply chain, which means improving visibility and reporting, applying consistent standards for data security and management, and building a culture of cybersecurity awareness throughout the partner ecosystem.”
Be Proactive
It’s too late to address cybersecurity after an attack occurs.
“Many times, the hardest part is simply getting started,” the BCG report said. “However, having a program puts a company miles ahead of organizations that have none at all. Begin by taking stock of the supply chain and identifying quick-win opportunities – weak points that can be addressed swiftly and yet make the network more secure.”
The Cybersecurity & Infrastructure Agency advises companies to:
- Train employees to spot potentially malicious emails.
- Require strong passwords and multifactor authentication.
- Update business software.
Choose Partners Wisely
“Accountability extends beyond the four walls of your company, so it’s crucial to partner with organizations that take cybersecurity seriously,” Supply Chain Brain said. “Companies can do this by making sure that their partners have effective awareness training programs in place, and that they rigorously track the performance of those programs with assessments such as simulated phishing. If vendors and other partners can’t meet these standards, companies should look elsewhere.”
Stay Informed
Companies need to publicly share the lessons learned from cyberattacks.
“Just as companies must have strict requirements for how data is shared, stored, and managed, it’s critical to make sure that third-party partners prioritize employee training and cybersecurity awareness,” Supply Chain Brain said. “An emphasis on awareness training will improve the cybersecurity posture of all links in the supply chain, and address the full range of potential cyberattacks.”
Supply Chain Now Is Your Source for Cybersecurity News
Supply Chain Now covers the latest developments in cybersecurity and analyzes what went wrong when supply chain operations are hit by cybercriminals.
From podcasts to livestreams, vlogs, virtual events, and articles, Supply Chain Now delivers everything you need to know about the latest global supply chain developments. We connect viewers, listeners, and readers directly to the supply chain leaders most frequently sourced for insights as we spotlight the people, technology, best practices, critical issues, and opportunities impacting the global supply chain.
Our library is packed with programming addressing a huge variety of supply chain topics. Among the available podcasts addressing cybersecurity are:
- “Top 5 Cybersecurity Priorities for Manufacturing Leaders in 2023.”
- “An Ounce of Cyber Risk Prevention Is Worth a Pound of Cure.”
- “4-Step Guide to Thwarting Cyber Threats in Critical Infrastructure.”
- “Unmasking Cyber Risks: Simplifying the Complexities for Business Owners.”
- “Cybersecurity for the Modern Healthcare Network.”
Check out these and other Supply Chain Now podcasts. Listen now.