Earlier this year, Hexnode surveyed 1,000 IT professionals across various sectors in the supply chain industry and found a significant readiness gap among organizations, with more than 40% indicating a lack of preparedness for cyberattacks.
Apu Pavithran is the founder and CEO of Hexnode, a unified endpoint management provider. He joined Supply Chain Management Review for a discussion on the current threat landscape in this 6 Questions With … profile.
(Answers have been edited for clarity and length.)
SCMR: How has the post-pandemic landscape changed the cybersecurity threat profile for supply chain and logistics companies?
PAVITHRAN: It’s a good question and thanks for this opportunity, Brian. The pandemic delivered a one-two punch to supply chain and logistics companies: rapid digital transformation followed by a surge in cyber threats. The threat vector for companies is now far larger and penetrable. Unfortunately, bad actors are taking advantage of this new normal, with remote work, cloud solutions, and supply chain touchpoints increasingly serving as ecosystem backdoors.
Further, the digital strength (or lack thereof) of logistics partners is also in the crosshairs, with hackers targeting smaller vendors to gain access to larger organizations. Our recent survey found that more than half (52%) of organizations have experienced cybersecurity incidents due to third-party vendors. Of course, digitization brings many benefits, but companies need to ensure these advances come with a comprehensive and agile approach to cybersecurity.
SCMR: Your recent report found that 42% of companies don’t know how to respond to cybersecurity threats. What are the primary factors contributing to this lack of preparedness?
PAVITHRAN: This statistic is concerning but not entirely surprising given the fast-evolving threat landscape. Several factors contribute to this lack of preparedness. First, there’s a widespread skills gap in cybersecurity. Our survey revealed that about 40% of employees feel only moderately proficient in using their organization’s security tools and technologies. This gap is exacerbated by the shortage of cybersecurity professionals in the industry.
Second, we’re seeing inadequate investment in cybersecurity across the supply chain. About 30% of employees in our study reported that their organization’s cybersecurity budget is insufficient. This underinvestment often leads to outdated systems and processes that can’t keep pace with modern threats.
Finally, there’s a lack of proactive planning. Many logistics organizations still treat cybersecurity as an afterthought rather than integrating it into their core business strategy. This reactive approach leaves them ill-prepared when threats do emerge.
SCMR: With the increasing adoption of IoT devices and connected technologies in supply chains, how can companies balance the benefits of digitization with the need for strong security?
PAVITHRAN: Yes, this is indeed a balancing act. On the one hand, device integration offers unprecedented visibility and efficiency, but on the other, it drastically expands the attack surface. To compensate, companies need to adopt a 'security-by-design' approach. This means strong security is baked into the foundation of any digitization initiative.
Our research shows this is becoming increasingly critical, with one-third of organizations already extensively leveraging connected devices for supply chain tracking. However, many of these same organizations still struggle with endpoint security—33% lack strict endpoint policies altogether. For supply chain companies looking to digitize, success lies in implementing comprehensive security that protects every connected device while maintaining the efficiency benefits these technologies offer.
SCMR: What role does employee training and awareness play in mitigating cybersecurity risks in supply chain operations?
PAVITHRAN: It plays a huge role. Employees are both the first line of defense and the first point of potential weakness. If they’re untrained in best digital practices, they can become major security vulnerabilities.
Thankfully, this is an issue that’s quite easy to fix with effective training programs. These regular sessions should cover basics like identifying phishing attempts and proper data handling, and also extend to understanding the specific risks in supply chain operations. Companies need to keep in mind that they can significantly reduce their risk exposure and create a human firewall with a culture of cybersecurity awareness.
SCMR: How can organizations effectively implement and manage third-party risk management programs to address vulnerabilities introduced by vendor partnerships?
PAVITHRAN: Yes, this is a big sticking point considering that more than half (52%) of organizations have experienced cybersecurity incidents due to vendors. Start by thoroughly vetting partners and suppliers with a focus on their security practices and compliance standards. Then, move to continuous monitoring systems to track vendor performance and potential risks in real-time, and perform regular audits and assessments to maintain ongoing compliance. Here, it’s also worth considering AI-powered tools for efficient monitoring around the clock.
Your security is only as strong as your weakest link. In many cases, that’s a third-party vendor. Proactive management of these relationships is key to overall supply chain security.
SCMR: Looking ahead to 2025, what emerging technologies or strategies do you foresee as game-changers for enhancing supply chain security and resilience?
PAVITHRAN: Digitally speaking, logistics has come a long way in just a few short years and further evolution is on the way. AI and automation are at the forefront, with 42% of organizations planning significant investments to streamline processes and enhance threat detection. We’re exploring this firsthand through solutions like Hexnode Genie, where AI assists IT teams with endpoint management tasks. But this is just the beginning of AI’s potential impact on supply chain security.
IoT devices will continue to play a major role and securing this expanding network is crucial. Zero trust architecture offers a timely solution, moving away from perimeter-based security to a model where nothing is trusted by default, thereby improving the overall security posture.
We’ll likely also see advancements in endpoint management technologies, addressing the current gap where one-third of organizations lack strict policies.
These developments, combined with better third-party risk management and increased cybersecurity budgets, are key to enhancing supply chain security and resilience. The future of logistics isn’t just about efficiency—it’s about building secure systems that can withstand evolving threats. Watch this space.
SCMR: Thank you