6 Questions With … Apu Pavithran

Hexnode CEO explains why cybersecurity threats are growing and what supply chain businesses can do to protect their systems

Subscriber: Log Out

Earlier this year, Hexnode surveyed 1,000 IT professionals across various sectors in the supply chain industry and found a significant readiness gap among organizations with more than 40% indicating a lack of preparedness for cyberattacks.

Apu Pavithran is the founder and CEO of Hexnode, a unified endpoint management provider. He joined Supply Chain Management Review for a discussion on the current threat landscape in this 6 Questions With … profile.

(Answers have been edited to clarity and length)

SCMR: How has the post-pandemic landscape changed the cybersecurity threat profile for supply chain and logistics companies? 

PAVITHRAN: It’s a good question and thanks for this opportunity, Brian. The pandemic delivered a one-two punch to supply chain and logistics companies: rapid digital transformation followed by a surge in cyber threats. The threat vector for companies is now far larger and penetrable. Unfortunately, bad actors are taking advantage of this new normal, with remote work, cloud solutions, and supply chain touchpoints increasingly serving as ecosystem backdoors.

Further, the digital strength (or lack thereof) of logistics partners is also in the crosshairs, with hackers targeting smaller vendors to gain access to larger organizations. Our recent survey found that more than half (52%) of organizations have experienced cybersecurity incidents due to third-party vendors. Of course, digitization brings many benefits, but companies need to ensure these advances come with a comprehensive and agile approach to cybersecurity.

SCMR: Your recent report found that 42% of companies don’t know how to respond to cybersecurity threats. What are the primary factors contributing to this lack of preparedness? 

PAVITHRAN: This statistic is concerning but not entirely surprising given the fast-evolving threat landscape. Several factors contribute to this lack of preparedness. First, there’s a widespread skills gap in cybersecurity. Our survey revealed that about 40% of employees feel only moderately proficient in using their organization’s security tools and technologies. This gap is exacerbated by the shortage of cybersecurity professionals in the industry.

Second, we’re seeing inadequate investment in cybersecurity across the supply chain. About 30% of employees in our study reported that their organization’s cybersecurity budget is insufficient. This underinvestment often leads to outdated systems and processes that can’t keep pace with modern threats.

Finally, there’s a lack of proactive planning. Many logistics organizations still treat cybersecurity as an afterthought rather than integrating it into their core business strategy. This reactive approach leaves them ill-prepared when threats do emerge.

SCMR: With the increasing adoption of IoT devices and connected technologies in supply chains, how can companies balance the benefits of digitization with the need for strong security? 

PAVITHRAN: Yes, this is indeed a balancing act. On the one hand, device integration offers unprecedented visibility and efficiency, but on the other, it drastically expands the attack surface. To compensate, companies need to adopt a 'security-by-design' approach. This means strong security is baked into the foundation of any digitization initiative.

Our research shows this is becoming increasingly critical, with one-third of organizations already extensively leveraging connected devices for supply chain tracking. However, many of these same organizations still struggle with endpoint security—33% lack strict endpoint policies altogether. For supply chain companies looking to digitize, success lies in implementing comprehensive security that protects every connected device while maintaining the efficiency benefits these technologies offer.

SCMR: What role does employee training and awareness play in mitigating cybersecurity risks in supply chain operations? 

PAVITHRAN: It plays a huge role. Employees are both the first line of defense and the first point of potential weakness. If they’re untrained in best digital practices, they can become major security vulnerabilities.

Thankfully, this is an issue that’s quite easy to fix with effective training programs. These regular sessions should cover basics like identifying phishing attempts and proper data handling, and also extend to understanding the specific risks in supply chain operations. Companies need to keep in mind that they can significantly reduce their risk exposure and create a human firewall with a culture of cybersecurity awareness.

SCMR: How can organizations effectively implement and manage third-party risk management programs to address vulnerabilities introduced by vendor partnerships? 

PAVITHRAN: Yes, this is a big sticking point considering that more than half (52%) of organizations have experienced cybersecurity incidents due to vendors. Start by thoroughly vetting partners and suppliers with a focus on their security practices and compliance standards. Then, move to continuous monitoring systems to track vendor performance and potential risks in real-time, and perform regular audits and assessments to maintain ongoing compliance. Here, it’s also worth considering AI-powered tools for efficient monitoring around the clock.

Your security is only as strong as your weakest link. In many cases, that’s a third-party vendor. Proactive management of these relationships is key to overall supply chain security.

SCMR: Looking ahead to 2025, what emerging technologies or strategies do you foresee as game-changers for enhancing supply chain security and resilience? 

PAVITHRAN: Digitally speaking, logistics has come a long way in just a few short years and further evolution is on the way. AI and automation are at the forefront, with 42% of organizations planning significant investments to streamline processes and enhance threat detection. We’re exploring this firsthand through solutions like Hexnode Genie, where AI assists IT teams with endpoint management tasks. But this is just the beginning of AI’s potential impact on supply chain security.

IoT devices will continue to play a major role and securing this expanding network is crucial. Zero trust architecture offers a timely solution, moving away from perimeter-based security to a model where nothing is trusted by default, thereby improving the overall security posture.

We’ll likely also see advancements in endpoint management technologies, addressing the current gap where one-third of organizations lack strict policies.

These developments, combined with better third-party risk management and increased cybersecurity budgets, are key to enhancing supply chain security and resilience. The future of logistics isn’t just about efficiency—it’s about building secure systems that can withstand evolving threats. Watch this space.

SCMR: Thank you

SC
MR

Hexnode CEO Apu Pavithran explains why cybersecurity threats are growing and what supply chain businesses can do to protect their systems in this 6 Questions With … feature.
(Photo: Hexnode)
Hexnode CEO Apu Pavithran explains why cybersecurity threats are growing and what supply chain businesses can do to protect their systems in this 6 Questions With … feature.
What's Related in Risk Management
Analyze Your Supply Chain Resilience
A resilient and agile supply chain is vital in today’s volatile market—start by assessing your current position with our Self-Assessment tool.
Download

About the Author

Brian Straight, SCMR Editor in Chief
Brian Straight's Bio Photo

Brian Straight is the Editor in Chief of Supply Chain Management Review. He has covered trucking, logistics and the broader supply chain for more than 15 years. He lives in Connecticut with his wife and two children. He can be reached at [email protected], @TruckingTalk, on LinkedIn, or by phone at 774-440-3870.

View Brian's author profile.

Subscribe

Supply Chain Management Review delivers the best industry content.
Subscribe today and get full access to all of Supply Chain Management Review’s exclusive content, email newsletters, premium resources and in-depth, comprehensive feature articles written by the industry's top experts on the subjects that matter most to supply chain professionals.
×

Search

Search

Sourcing & Procurement

Inventory Management Risk Management Global Trade Ports & Shipping

Business Management

Supply Chain TMS WMS 3PL Government & Regulation Sustainability Finance

Software & Technology

Artificial Intelligence Automation Cloud IoT Robotics Software

The Academy

Executive Education Associations Institutions Universities & Colleges

Resources

Podcasts Webinars Companies Visionaries White Papers Special Reports Premiums Magazine Archive

Subscribe

SCMR Magazine Newsletters Magazine Archives Customer Service

Press Releases

Press Releases Submit Press Release