Cybersecurity is a Supply Chain Problem

08/24/20

Is your supply chain protected from hackers?

APICS Greater Detroit supports supply chain professionals with the information and education they need to remain competitive in today’s world.

Recently the National Defense Magazine shared that lone wolf hackers, rogue nation-states and cybercrime syndicates are in a position to disrupt the global supply chain.

“Cybersecurity really is a supply chain problem” that encompasses the telecom carriers that are used by businesses, the hardware and software that supports organizational workflow, and the cloud assets that so many organizations are leveraging today, Richard George, former National Security Agency technical director of information assurance and current senior advisor for cybersecurity at Johns Hopkins University Applied Physics Laboratory, recently said in a speech to cybersecurity professionals.

Read more in our latest blog post below.

Richard went on to say, “It’s not just the government that’s a target, everybody’s a target,” he added. Kevin O’Marah, former manufacturing and supply chain contributor to Forbes, wrote, “Where once we worried about localized mistakes or oversights upstream, now we worry about cataclysm, potentially at the hands of actors bent on destruction. The new world of supply chain risk means preparation for widespread, systemic disruption in our immediate future.”

He continued: “As with war and natural disasters, cyber threats have the potential to kick off systemic failure, meaning a sort of domino effect whereby ordinary preparedness fails to overcome infrastructure, communication and human breakdowns.” To defend against cyber criminal intent to disrupt and “own” the global supply chain, George observed that corporations must be on guard, be careful of untrustworthy entities within the supply chain, ensure transparency throughout the supply chain, force strategic partners to prove their cybersecurity posture, and limit entanglement with companies/countries that don’t respect intellectual property rights.

The Michigan Manufacturing Technology Center outlined nine reasons below cybersecurity should be a priority in your business right now, despite a large percentage of companies cutting cyber budgets due to pandemic financial pressures. Here are some key statistics about cyber hacks in recent months:

Ransomware attacks increased 148% from February to March
At the end of March 2020, the number of cyber-attacks related to the COVID-19 pandemic grew from 100 daily to more than 5,000
25% of employees working from home do not know what security protocols are in place on their devices
20% said their IT team did not provide any additional security tips as they shifted to working from home
50% of companies reported allowing employees to use personal email addresses and personal devices to conduct company work
51% of global companies experienced more phishing attacks due to employees working remotely
Following the increased use of unprotected mobile devices, mobile phishing has increased by 37.1%
Only 41% of cyber professionals said their companies are utilizing best practices to ensure a secure remote workforce
The average cost of a data breach in the manufacturing industry was $5.2 million in 2019

With cybersecurity dangers very real and present, companies should resist temptations to cut cyber budgets. Supply & Demand Chain Executive shared the steps below to protect your supply chains from cyber threats.

Create a Recovery Plan: Approach cybersecurity from the point of view that it’s only a matter of time before a breach occurs. Shore up your defenses, but also ensure that you have a recovery plan in place. This plan should provide clear guidelines on what steps to take in the event of a breach. Assign employees specific tasks and ensure that they know who to contact and what action to take. The faster the response, the better able you’ll be to limit the damage.
Run a Security Audit Regularly: It’s essential to run regular security audits. Identify potential gaps in the company’s defenses. Then come up with a clear plan to deal with these. A security audit of this nature should be conducted at least once or twice a year.
Improve Physical Security: If a bad actor can gain physical access to your offices, they’re more easily able to launch an attack. Re-evaluate your physical security to tighten up security. No third-party contractors or clients should be allowed unfettered access to your offices or cargo. Malicious code can, for example, be built into a QR code. When that item is scanned, the virus is uploaded into the computer system.
Review Electronic Links: You may think that your system is only linked to first-tier suppliers. This isn’t strictly true. They’re dealing with their suppliers and clients, and so they’re connected to other companies. If there are any weak links in the chain, you might all be at risk.
Conduct Regular Penetration Testing: It’s wise to conduct penetration scanning at least once a year. Make it part of your general security audit, or run it separately if you prefer. This becomes critical as bad actors start to use more sophisticated methods to breach systems. At one stage, a password with just letters and numbers was considered hard to crack. As our tech and systems age, they’re more at risk from sophisticated hacking techniques.
Security Awareness Training: It just takes one employee to download the wrong meme to infect your system. Security awareness training has become critical to make employees aware of the risks.
Re-Evaluate Your Vendor Agreements: Your third-party vendors must be held to the same high standard as your company. They’re accessing your systems. If they don’t follow strict security protocols, your systems are at risk. The one way to ensure that they take security as seriously as you do is to hold them accountable. Work this into the contract to avoid issues later on.

Cybersecurity is a supply chain problem. Encourage your company to take the steps above to ensure you are protected.

Looking for more information on ways to remain competitive as we continue to emerge from the pandemic? APICS Greater Detroit has expert instructor-led classes beginning in just a few weeks! Starting in September we are offering the following courses to help supply chain professionals meet today’s top challenges and help you and your company ensure your teams have the skills needed.

Certification in Production and Inventory Management (CPIM) provides you with the ability to understand and evaluate production and inventory activities within a company’s global operations.
Certified Supply Chain Professional (CSCP) program is the first and only supply chain certification encompassing the end-to-end global supply chain. APICS CSCP designees gain the skills to effectively manage global supply chain activities that involve suppliers, plants, distributors, and customers located around the world.
Certified in Logistics, Transportation, and Distribution (CLTD) program will expand your logistics, transportation, and distribution knowledge and prepare you for the APICS CLTD certification exam.