Supply chains across industries continue to face challenges as we enter 2023, driven by several factors including COVID hotspots in China hampering production, Russia’s war against Ukraine, and stubbornly high global inflation. The sector has already been crippled by these compounding variables, and it has little room for additional burdens.
However, Gartner reports that just 21 percent of supply chain leaders believe their networks are “highly resilient,” which is concerning—especially considering the ferocity of growing cyberthreats. In order to avoid yet another potential risk to their industry, those at the helm of supply chain-focused businesses need a clear understanding of cybersecurity and a response plan in case a cyberattack happens on their watch.
Cyberattacks on Supply Chains are Rising
The threat cybercriminals pose to supply chains is becoming more severe. A report from NCC Group found that cyberattacks on the sector increased by 51 percent between July and December of 2021, while less than a third of cybersecurity leaders said they were “very confident” that they could respond to an attack quickly and effectively.
According to Verizon’s latest Data Breach Investigations Report (DBIR), supply chain attacks “increased dramatically” from 2021 to 2022. “From very well publicized critical infrastructure attacks to massive supply chain breaches,” the report says, “the financially motivated criminals and nefarious nation-state actors have rarely, if ever, come out swinging the way they did over the last 12 months.”
We have no reason to believe 2023 will buck this building trend; if anything, supply chain leaders have a pressing imperative to shore up their defenses even more. From what we have observed over the past decade, as attack vectors expand and social engineering becomes more sophisticated, cybercriminals who find a new way of causing havoc for financial gain continue to be viciously creative in their approach to cyberattacks.
A Lucrative Target with Growing Vulnerability
The supply chain sector is undergoing a large-scale digital transformation as the management of industrial machinery and processes moves online. This inevitably increases the number of potential attack vectors, providing cybercriminals with ample opportunities to infiltrate companies if the right technical and human capital defenses haven’t been built into the cyber culture. This is why the cybersecurity platforms used by supply chain companies have to be agile and adaptive: they should be able to keep up with evolving cyberthreats and ensure that all attack vectors are covered at all times.
Cybercriminals also understand the vital nature of supply chains, which is why preparedness is incumbent upon the firms that oversee them. These firms play a critical role in the global economy, which in turn makes them lucrative targets, particularly for ransomware attacks, because the pressure to get through the logjam and back to proper running order is immense. Smart cybercriminals actively seek to exploit that pressure.
Widespread Cybersecurity Awareness is Crucial
We know that most cyberattacks target people, not systems. The 2022 DBIR reports that 82 percent of breaches involve a human element: “Whether it is the use of stolen credentials, phishing, misuse, or simply an error,” Verizon says, “people continue to play a very large role in incidents and breaches alike.” So it’s the human links in your supply chain that need strengthening.
Supply chain firms can strengthen those human links with a comprehensive cybersecurity awareness training program. The right mix of content, simulated phishing, and adaptive training teaches professionals how to identify cyber risks and respond accordingly, saving companies time, money, and their reputation.
But it’s not just a single company’s cybersecurity awareness training (CSAT) program that protects it; cybersecurity awareness should be truly widespread. Firms in the supply chain sector need to make sure their partners both upstream and downstream are implementing cybersecurity awareness programs. However, the NCC Group reports that over one-third of companies say they don’t regularly monitor their suppliers’ cybersecurity arrangements, and PwC found that 60 percent of supply chain leaders consider the “inability of suppliers to respond to technological challenges” a moderate (41 percent) or major (19 percent) risk. Protecting one system helps protect those to which it is connected.
All that said, 2023 will be a year to watch in supply chain cybersecurity. Existing trends point to more relentless cyberattacks and attempts at further disruption, but business leaders are wiser to the threat. Now is the time to make cybersecurity training a core priority at every level of the organization. When employees learn how to identify and prevent cyberattacks, they won’t just protect the supply chain—their knowledge has the capacity to impact the entire global economy.