• Bradley Sing

    Bradley Sing is currently Technical Consultant at Mimecast where he has been since November 2016. Bradley has been working in the technology industry for almost four years and draws on his previous experience to help align customer business needs with the technical solutions that Mimecast provides, which ranges from product demonstrations to help documenting processes and aspects of products. Prior to his role at Mimecast, Bradley worked across the web hosting & domain name industry in Australia, working for Melbourne-based web hosting startup Hosting Australia and previously Melbourne IT Group.


In the wake of cyber attacks and COVID-19, logistics companies and supply chains around the world are having a tough year. As more and more global supply chains rush to adopt digitised management systems, their attackable surface area is only getting bigger.

The interdependence of supply chains makes them uniquely vulnerable
A new report from supply chain company Resilience360 found that nearly 300 cybersecurity incidents affected supply chain entities last year, with ransomware being the most common type of cyber attack. When we consider factors like expired inventory, reputational damage, business disruptions and falling stock prices, the indirect costs of ransomware attacks are often much higher than the actual ransom itself.

Due to the complex and interconnected ecosystem of global supply chains, pinpointing and countering cyber attacks is nearly impossible. Any single vulnerability across the sprawling web of vendors, shippers and suppliers can compromise the entire supply chain. Add to the mix the differing levels of technological maturity of the players involved and the lack of any standardised cybersecurity protocols, and the risk increases exponentially. Securing infrastructure is notoriously difficult, and adding human error into the mix means it’s only a question of when, not if, a global supply chain network will suffer disruptions.

How supply chains and logistics providers can improve their cybersecurity profile
Even though the task can seem daunting, there are concrete steps companies can take to minimise their attackable surface area and build up their cyber resilience.

1. Review internal and external security procedures.
Organisations need to review their own internal infrastructures, as well as their vendors’ and partners’ cyber practices. They also need to decide on the acceptable level of risk when dealing with third parties. Setting a periodic cybersecurity review process can also be very effective in making sure all parties involved are compliant with baseline cybersecurity.
 

2. Define cybersecurity guidelines and processes.
Documenting security practices and, wherever possible, requiring suppliers and vendors to comply with standard cybersecurity policies can greatly improve security postures across the board. Making sure the organisations involved are trained to respond to an incident is essential. A written agreement requiring vendors to back up critical data, provide timely notification of any internal security incidents and share periodic security reports should be part of any cybersecurity policy.
 

3. Invest in cyber awareness training and share best practices.
While upgrading the technology involved is important, human error is still the biggest source of data breaches. The recent Cyber Security Intelligence Index report by IBM found that 95% of all security incidents involve human error. From following links to phishing scams to visiting fake websites to unwittingly downloading malware-ridden email attachments, human error is the biggest cyber risk, and trained people are the strongest defence. Sharing threat intelligence internally and with your partner organisations should be standard practice.
 

4. Acquire International Standards certifications.
While not the most glamorous cybersecurity measure, achieving and updating certifications to ISO standards like ISO 27001 represents a level of baseline protection and provides assurance that critical data is being handled responsibly. We have to keep in mind, however, that ISO certifications and standards are just guidelines for running management systems. To put them into action, there needs to be a comprehensive cybersecurity policy across organisations, vendors and suppliers, which also mandates regular cybersecurity awareness training for all staff.

 

Cybersecurity for supply chains is now a business necessity

Cyber risk is part of our new business reality. Even though securing an increasingly complex and interconnected global supply chain network is no simple task, security-conscious companies can take concrete steps to ensure that they, and their partners, have the basics covered. By getting the fundamentals right, supply chain companies can greatly minimise the chances of major disruptions and costly cyber breaches. 
