Cyber breaches on supply chain are growing 37% every year - how to secure it against attackers

Even in the best of times, supply chains are the most sensitive and vulnerable part of a business process. On top of the disruptions caused by the pandemic and the Ukraine-Russia war, cyberattacks are now affecting supply chains too.

In March 2022, the McKinsey Quarterly Global Survey identified global supply chain disruptions as a serious business risk for the first time. Apart from geographic or political instability, a high level of cyber risk vulnerability is adding to the crisis.

Deloitte’s Cyber Threat Intelligence did a deep dive into the cyber risks that companies faced in their supply chains at the height of the pandemic, and the results are shocking.

Average cyber breaches on supply chains going up by 37%

As many as 40% of all manufacturing brands faced cyber outages to their operations during the pandemic. BlueVoyant Research’s second Annual Global Survey into Third-Party Cyber Risk Management says, “97% of firms surveyed have faced negative impacts due to a cybersecurity breach in their supply chain.”

It also said that the average number of breaches in weak supply chains has been increasing by 37% year on year, and the growth trend is expected to continue in 2022 as well.

The European Union Agency for Cybersecurity (ENISA) report, Threat Landscape for Supply Chain Attacks, which analyzed 24 major attacks, showed that even having strong security in place is not adequate.

Supply chain cyberattacks may go undetected for long periods while continuing to inflict damage on their host. With a steady increase in the sophistication and novelty of cyberattacks, this could mean millions of dollars drained before the company even becomes aware of the vulnerability. Since a supply chain platform houses vendors, customers, and all production and distribution data, this could be very dangerous.

They’re coming for your customer data

The ENISA report says that two-thirds of all attacks came through weaknesses in supplier code. This immediately identifies the problem and points to the solution: better validation and verification of supplier code to detect security tampering.

Almost 60% of attacks target customer data, which could mean complete annihilation of the business if an attack succeeds. So clearly, better control over PII (Personally Identifiable Information) needs to be in place.

Clearly, between supplier code and customer identity data, organizations need to implement much stronger checks and balances on code, ID, and access data.

Here are a few things CISOs can do to secure their supply chain in these trying times:
  1. Every supply chain element should have a cybersecurity maturity assessment exercise. While innovation in the supply chain process is welcome, there is a real need to perform a risk assessment for modules or functionalities regularly. This assessment should cover every new point on the supply chain platform: the OT environment, business networks, control systems, and products, and of course advanced IT protection metrics like IP protection, control systems, and even third-party risks. In addition, an inventory of all assets should be securely maintained, and it needs to include patch-relevant information.
  2. Act upon the assessment insights: the results of this assessment need to be analyzed for doable activities and put into action immediately. They should be the base for a secure supply chain risk minimization strategy. The risk should be brought to the notice of corporate leadership so that appropriate action can be taken to secure the operations. Risk criteria for both suppliers and customers (software dependencies, risk points, loss of critical access control) all need to be identified and documented.
  3. Establish a leadership-level cybersecurity governance programme: this ensures that proper governance structures are in place to monitor the risk appetite and resiliency of the organization’s OT, including its supply chain.
  4. Digital support for the tech transformation: while digital transformation has been a buzzword for a couple of years now, the pandemic and then the Ukraine attack have crunched the timelines; now it is an issue of survival. Getting digitally transformed is a big leap towards a more secure, robust, and resilient supply chain platform, across sectors.

All suppliers and service providers need to be screened stringently, and their access data and supplier code should be carefully validated, since the source of an attack is often difficult to identify. The same goes for customer ID data. All asset data shared with suppliers needs to be classified and documented, and the relevant procedures for its security need to be clearly defined and documented.

Even with these checks in place, the threat from cyber miscreants is always present. The cyber threat landscape is constantly evolving, and a vulnerability could be housed anywhere. It is the need of the hour for both decision-makers and technology users to ensure that no data is breached, while keeping in mind the safety of the users of the tool.
