Rethinking Cybersecurity: Hidden vulnerabilities in the supply chain
The most recent spate of cyberattacks on the supply chain and beyond should have everyone’s attention. Here’s a manageable scheme for protecting against cyberattacks by creating a system that provides equal protection from vulnerabilities to any and all suppliers regardless of their size.
“They first went after our gas and then they went after our hot dogs.”
That’s Christopher Krebs’ accounting of recent cyberattacks on Colonial Pipeline, the biggest U.S. fuel pipeline, and JBS USA, one of the world’s largest meat packing companies. Krebs is the former director of the federal Cybersecurity and Infrastructure Security Agency.
He continued on to say to NBC: “No one is out of bounds here. Everyone is in play.”
Just a day later, the Biden administration put cyberattacks on a par with terrorism. It also said that all companies large and small need to determine how to confront this threat to their operations and even future viability. That’s a warning that Walmart, Target, Equifax and many others would double down on after surviving their own cyberattacks in recent years.
This is not a practice drill.
Three years ago, cyberattacks cost the world’s companies upwards of $600 billion, according to the cybersecurity protection firm McAfee. Needless to say, cybersecurity has become an even bigger business lately, with the rate of attacks increasing during COVID-19. And some estimates of its cost have now hit the $6 trillion annual level. Quite simply, cyberattacks are an exponentially high-growth business.
With the increasing scope and proliferation of these attacks, it is all hands-on-deck at many firms. Other than IT, no individual department is more affected by these attacks than supply chain management. More than 60% of cyberattacks launched against publicly traded U.S. companies in 2017 were supply chain-based, meaning attackers launch their assaults at firms by first compromising one of their supply chain partners and then using them as a launching pad.
As supply chain networks become increasingly connected, it has become common for hackers to compromise one firm, steal login credentials to their supply partners’ back-office systems and then breach the partner. And just as no company is out of bounds here, no supply chain partner is too insignificant to be the conduit for a cyberattack. Smaller firms are often targeted because they have fewer resources dedicated to cyber-defense, making them more susceptible to attacks. It doesn’t even matter to the attackers that smaller suppliers may not have a large trove of customer information or valuable financial assets. Instead, and often more valuable, many possess login information that, if stolen, attackers can use to penetrate back-office systems of the larger firms with more resources.
This complete article is available to subscribers only.
Log in now for full access or start your PLUS+ subscription for instant access.
Latest News
Port of Baltimore May Not Reopen Until Summer Sales & Operations Planning (S&OP) Mastery A New Priority Greets Procurement Professionals in 2024 Cargo Shipping Remains on Hold in Baltimore Following Bridge Collapse Maximizing the Bottom Line: The Power of Procurement More NewsLatest Resource
Sales & Operations Planning (S&OP) Mastery In this Special Digital Edition of Supply Chain Management Review, you will find insights on the importance of sales and operations planning (S&OP) to an organization’s bottom line.All Resources
“They first went after our gas and then they went after our hot dogs.”
That’s Christopher Krebs’ accounting of recent cyberattacks on Colonial Pipeline, the biggest U.S. fuel pipeline, and JBS USA, one of the world’s largest meat packing companies. Krebs is the former director of the federal Cybersecurity and Infrastructure Security Agency.
He continued on to say to NBC: “No one is out of bounds here. Everyone is in play.”
Just a day later, the Biden administration put cyberattacks on a par with terrorism. It also said that all companies large and small need to determine how to confront this threat to their operations and even future viability. That’s a warning that Walmart, Target, Equifax and many others would double down on after surviving their own cyberattacks in recent years.
This is not a practice drill.
Three years ago, cyberattacks cost the world’s companies upwards of $600 billion, according to the cybersecurity protection firm McAfee. Needless to say, cybersecurity has become an even bigger business lately, with the rate of attacks increasing during COVID-19. And some estimates of its cost have now hit the $6 trillion annual level. Quite simply, cyberattacks are an exponentially high-growth business.
With the increasing scope and proliferation of these attacks, it is all hands-on-deck at many firms. Other than IT, no individual department is more affected by these attacks than supply chain management. More than 60% of cyberattacks launched against publicly traded U.S. companies in 2017 were supply chain-based, meaning attackers launch their assaults at firms by first compromising one of their supply chain partners and then using them as a launching pad.
As supply chain networks become increasingly connected, it has become common for hackers to compromise one firm, steal login credentials to their supply partners’ back-office systems and then breach the partner. And just as no company is out of bounds here, no supply chain partner is too insignificant to be the conduit for a cyberattack. Smaller firms are often targeted because they have fewer resources dedicated to cyber-defense, making them more susceptible to attacks. It doesn’t even matter to the attackers that smaller suppliers may not have a large trove of customer information or valuable financial assets. Instead, and often more valuable, many possess login information that, if stolen, attackers can use to penetrate back-office systems of the larger firms with more resources.
Subscribe to Supply Chain Management Review Magazine!
Subscribe today. Don't Miss Out!Get in-depth coverage from industry experts with proven techniques for cutting supply chain costs and case studies in supply chain best practices.
Start Your Subscription Today!
It’s high time to go beyond visibility Driving supply chain flexibility in an uncertain and volatile world View More From this Issue