•   Exclusive

Rethinking Cybersecurity: Hidden vulnerabilities in the supply chain

The most recent spate of cyberattacks on the supply chain and beyond should have everyone’s attention. Here’s a manageable scheme for protecting against cyberattacks by creating a system that provides equal protection from vulnerabilities to any and all suppliers regardless of their size.

Subscriber: Log Out

Sorry, but your login has failed. Please recheck your login information and resubmit. If your subscription has expired, renew here.

This is an excerpt of the original article. It was written for the July-August 2021 edition of Supply Chain Management Review. The full article is available to current subscribers.

July-August 2021

We all know the old saying: “When the going gets tough, the tough get going.” It has been repeated so often it’s cliché. I’d like to suggest a variation: “When the going gets tough, leadership matters.” To say that supply chains have had a tough time of it would be an understatement. Despite the positive vaccine news here in the United States, global supply chains are not out of the woods yet.
Browse this issue archive.
Already a subscriber? Access full edition now.

Need Help?
Contact customer service
847-559-7581   More options
Not a subscriber? Start your magazine subscription.

“They first went after our gas and then they went after our hot dogs.”

That’s Christopher Krebs’ accounting of recent cyberattacks on Colonial Pipeline, the biggest U.S. fuel pipeline, and JBS USA, one of the world’s largest meat packing companies. Krebs is the former director of the federal Cybersecurity and Infrastructure Security Agency.

He continued on to say to NBC: “No one is out of bounds here. Everyone is in play.”

Just a day later, the Biden administration put cyberattacks on a par with terrorism. It also said that all companies large and small need to determine how to confront this threat to their operations and even future viability. That’s a warning that Walmart, Target, Equifax and many others would double down on after surviving their own cyberattacks in recent years.

This is not a practice drill.

Three years ago, cyberattacks cost the world’s companies upwards of $600 billion, according to the cybersecurity protection firm McAfee. Needless to say, cybersecurity has become an even bigger business lately, with the rate of attacks increasing during COVID-19. And some estimates of its cost have now hit the $6 trillion annual level. Quite simply, cyberattacks are an exponentially high-growth business.

With the increasing scope and proliferation of these attacks, it is all hands-on-deck at many firms. Other than IT, no individual department is more affected by these attacks than supply chain management. More than 60% of cyberattacks launched against publicly traded U.S. companies in 2017 were supply chain-based, meaning attackers launch their assaults at firms by first compromising one of their supply chain partners and then using them as a launching pad.

As supply chain networks become increasingly connected, it has become common for hackers to compromise one firm, steal login credentials to their supply partners’ back-office systems and then breach the partner. And just as no company is out of bounds here, no supply chain partner is too insignificant to be the conduit for a cyberattack. Smaller firms are often targeted because they have fewer resources dedicated to cyber-defense, making them more susceptible to attacks. It doesn’t even matter to the attackers that smaller suppliers may not have a large trove of customer information or valuable financial assets. Instead, and often more valuable, many possess login information that, if stolen, attackers can use to penetrate back-office systems of the larger firms with more resources.

This complete article is available to subscribers only. Log in now for full access or start your PLUS+ subscription for instant access.

 

SC
MR

Sorry, but your login has failed. Please recheck your login information and resubmit. If your subscription has expired, renew here.

From the July-August 2021 edition of Supply Chain Management Review.

July-August 2021

We all know the old saying: “When the going gets tough, the tough get going.” It has been repeated so often it’s cliché. I’d like to suggest a variation: “When the going gets tough, leadership matters.”…
Browse this issue archive.
Access your online digital edition.
Download a PDF file of the July-August 2021 issue.

“They first went after our gas and then they went after our hot dogs.”

That’s Christopher Krebs’ accounting of recent cyberattacks on Colonial Pipeline, the biggest U.S. fuel pipeline, and JBS USA, one of the world’s largest meat packing companies. Krebs is the former director of the federal Cybersecurity and Infrastructure Security Agency.

He continued on to say to NBC: “No one is out of bounds here. Everyone is in play.”

Just a day later, the Biden administration put cyberattacks on a par with terrorism. It also said that all companies large and small need to determine how to confront this threat to their operations and even future viability. That’s a warning that Walmart, Target, Equifax and many others would double down on after surviving their own cyberattacks in recent years.

This is not a practice drill.

Three years ago, cyberattacks cost the world’s companies upwards of $600 billion, according to the cybersecurity protection firm McAfee. Needless to say, cybersecurity has become an even bigger business lately, with the rate of attacks increasing during COVID-19. And some estimates of its cost have now hit the $6 trillion annual level. Quite simply, cyberattacks are an exponentially high-growth business.

With the increasing scope and proliferation of these attacks, it is all hands-on-deck at many firms. Other than IT, no individual department is more affected by these attacks than supply chain management. More than 60% of cyberattacks launched against publicly traded U.S. companies in 2017 were supply chain-based, meaning attackers launch their assaults at firms by first compromising one of their supply chain partners and then using them as a launching pad.

As supply chain networks become increasingly connected, it has become common for hackers to compromise one firm, steal login credentials to their supply partners’ back-office systems and then breach the partner. And just as no company is out of bounds here, no supply chain partner is too insignificant to be the conduit for a cyberattack. Smaller firms are often targeted because they have fewer resources dedicated to cyber-defense, making them more susceptible to attacks. It doesn’t even matter to the attackers that smaller suppliers may not have a large trove of customer information or valuable financial assets. Instead, and often more valuable, many possess login information that, if stolen, attackers can use to penetrate back-office systems of the larger firms with more resources.

SC
MR

Latest Podcast
Talking Supply Chain: Visibility and external manufacturing
Gartner Supply Chain’s Sam New joined the Talking Supply Chain podcast to talk about how business can overcome the challenges of achieving…
Listen in

Subscribe

Supply Chain Management Review delivers the best industry content.
Subscribe today and get full access to all of Supply Chain Management Review’s exclusive content, email newsletters, premium resources and in-depth, comprehensive feature articles written by the industry's top experts on the subjects that matter most to supply chain professionals.
×

Search

Search

Sourcing & Procurement

Inventory Management Risk Management Global Trade Ports & Shipping

Business Management

Supply Chain TMS WMS 3PL Government & Regulation Sustainability Finance

Software & Technology

Artificial Intelligence Automation Cloud IoT Robotics Software

The Academy

Executive Education Associations Institutions Universities & Colleges

Resources

Podcasts Webcasts Companies Visionaries White Papers Special Reports Premiums Magazine Archive

Subscribe

SCMR Magazine Newsletters Magazine Archives Customer Service

Press Releases

Press Releases Submit Press Release