Cyber attacks on digital supply chains are on a sharp rise. An attack can bring a business to its knees in a matter of seconds and cost millions. Do you know where your weakest link is?
Our technological powers increase, but the side effects and potential hazards also escalate. This is what writer and futurist Alvin Toffler predicted already in 1971. Digital supply chains are a fitting example.
In a recent Accenture study, industry professionals named Cyber Security as their number one supply chain concern. No wonder. 60 percent of cyber attacks stem from the supply chain and 70 percent of companies have already experienced one.
IBM’s X-Force 2016 Cyber Security Intelligence Index reveals that the number of Cyber Security breaches is growing by 64 percent every year. And they are expensive. A data breach costs an average of 6.5 million U.S. dollars. A recent cyber attack cost shipping company Maersk 300 million.
But in half of the companies Accenture surveyed, there was no alignment between supply chain and Cyber Security operations. According to Cyber Security and privacy company F-Secure’s expert Erka Koivunen, this is understandable.
Digitalization has blurred the line between how information is secured and how physical environments are secured. The term information security does not capture the physical and the information worlds that are increasingly merging.
‘Companies have realized that it’s not about logistics anymore, it is about cyber security’, states Chief Information Security Officer Koivunen. Koivunen notes that the software industry has dealt with Cyber Security issues for the past 30 years.
But for others, the learning curve has been steep. External manufacturers with access to the company’s latest designs, telemetry data from a truck fleet, a maintenance service provider with access to vendor portal or an IoT machine that recognises, connects and sends data all pose a risk to cyber attack.
Cyber attacks vary in nature. Threats can be borne of simple human error or emerge from an advanced targeted attack. According to Koivunen, the end user and even many of the vendors have limited understanding of what the software in the box actually does or where all the hardware components in product originate from.
Malicious insertion can happen at any level. Luckily technology can also help to prevent cyber attacks. ‘A disposable RFID tag can be enough of a proof that the item is the same one that was sent from a factory on the other side of the world and that it has been intrusted hands during its journey’, says Koivunen.
According to Koivunen, effective Cyber Security is a people, process, and technology issue. It should be a board-level concern.
Every digital supply chain has its own weak links. It is a matter of creating a third party security management framework that resists attempts to bypass procedures and alerts when the integrity of the supply chain is violated. Software vendors do this already with software signing, threat modeling and vulnerability assessments.
Cyber security highlights business partners’ responsibility and professionalism. Trust and control are crucially important. ‘Companies should choose their partners carefully. One must not rely on face value’, warns Koivunen.
Complete attack prevention may be impossible but bringing your ecosystem into lockstep with cyber security measures will help to keep the possible breaches small and business running.
Sources: Accenture, MITRE, F-Secure, KPMG, Digital Supply Chain Insititute.