In the wake of cyber attacks and COVID-19, logistics companies and supply chains around the world are having a tough year. As more and more global supply chains rush to adopt digitised management systems, their attackable surface area is only getting bigger.
The interdependence of supply chains makes them uniquely vulnerable
A new report from supply chain company Resilience360 found that nearly 300 cybersecurity incidents affected supply chain entities last year, with ransomware being the most common type of cyber attack. When we consider factors like expired inventory, reputational damage, business disruptions and falling stock prices, the indirect costs of ransomware attacks are often much higher than the actual ransom itself.
Due to the complex and interconnected ecosystem of global supply chains, pinpointing and countering cyber attacks is nearly impossible. Any single vulnerability across the sprawling web of vendors, shippers and suppliers can compromise the entire supply chain. Add to the mix the differing levels of technological maturity of the players involved and the lack of any standardised cybersecurity protocols, and the risk increases exponentially. Securing infrastructure is notoriously difficult and adding human error into the mix means it’s only a question of when, not if, a global supply chain network will suffer disruptions.
How supply chains and logistics providers can improve their cybersecurity profile
Even though the task can seem daunting, there are concrete steps companies can take to minimise their attackable surface area and build up their cyber resilience.
1. Review internal and external security procedures.
Organisations need to review their own internal infrastructures, as well as their vendors’ and partners’ cyber practices. They also need to decide on the acceptable level of risk when dealing with third parties. Setting a periodic cybersecurity review process can also be very effective in making sure all parties involved are compliant with baseline cybersecurity.
2. Define cybersecurity guidelines and processes.
Documenting security practices and, wherever possible, requiring suppliers and vendors to comply with standard cybersecurity policies can greatly improve security postures across the board. Making sure the organisations involved are trained to respond to an incident is essential. A written agreement requiring vendors to back up critical data, provide timely notification of any internal security incidents and share periodic security reports should be part of any cybersecurity policy.
3. Invest in cyber awareness training and share best practices.
While upgrading the technology involved is important, human error is still the biggest source of data breaches. The recent Cyber Security Intelligence Index report by IBM found that 95% of all security incidents involve human error. From following links to phishing scams to visiting fake websites to unwittingly downloading malware-ridden email attachments, human error is the biggest cyber risk, and trained people are the strongest defence. Sharing threat intelligence internally and with your partner organisations should be standard practice.
4. Acquire International Standards certifications.
While not the most glamorous cybersecurity measure, achieving and updating certifications to ISO standards like ISO 27001 represents a level of baseline protection and provides assurance that critical data is being handled responsibly. We have to keep in mind, however, that ISO certifications and standards are just guidelines for conducting management systems. To put them into action, there needs to be a comprehensive cybersecurity policy across organisations, vendors and suppliers, which also mandates regular cybersecurity awareness training for all staff.
Cybersecurity for supply chains is now a business necessity
Cyber risk is part of our new business reality. Even though securing an increasingly complex and interconnected global supply chain network is no simple task, security-conscious companies can take concrete steps to ensure that they, and their partners, have the basics covered. By getting the fundamentals right, supply chain companies can greatly minimise the chances of major disruptions and costly cyber breaches.