How You Can - and Must - Enhance Your Cybersecurity Program

May 13, 2013
Robert J. Bowman, SupplyChainBrain

Cyberspace is rife with attacks on proprietary business networks. For all of its obvious benefits, the internet has made possible an exponential increase in industrial espionage and outright thievery of sensitive data.

Some of the world's biggest companies - even those thought to be among the most secure - have been targets. In March of 2011, RSA, the security division of IT provider EMC, was subjected to the theft of security tokens designed to protect millions of computers from unauthorized users. The stolen tokens were then used in a cyberattack against aerospace giant and RSA customer Lockheed Martin.

Last August, Saudi Arabian Oil Co. (Aramco) was the victim of a spear-phishing attack, which resulted in the permanent erasure of data from some 30,000 company computers.

And in March of this year, in what was called "the biggest cyberattack in history," the European anti-spam organization known as The Spamhaus Project withstood a massive distributed denial of service (DDoS) attack, allegedly by a Dutch web-hosting firm.

Those are just three of the countless incidents to have occurred in recent years. They involved varying degrees of sophistication on the part of miscreants; the attack on Spamhaus apparently could have been carried out with no more than a laptop and an internet connection. According to the Center for Strategic & International Studies, between 80 and 90 percent of successful corporate network breaches require "only the most basic techniques."

From all of this, we can derive a disturbing, three-part lesson: Hacking is easy. Hacking is prevalent. Hacking is very likely happening to you.

Now, as if cybercrime by private citizens weren't enough, we must also contend with aggressive action by foreign governments. According to numerous press reports, China is among the most outrageous violators today. The People's Liberation Army is said to be engaged in a concerted, multi-year campaign of cyberattacks against both businesses and U.S. government agencies. Ground zero for the relentless campaign appears to be a nondescript building outside Shanghai, staffed by a secret military group known as PLA Unit 61398.

The group's activities were exposed this year by a report from the information-security firm Mandiant. It claims that Unit 61398 has "systematically stolen confidential data from at least 141 organizations across multiple industries."

Flushing such activity into the open can be a potent weapon of sorts. Mandiant supplemented its report on computer-hacking by the Chinese military with the release of several thousand identifiers that can help companies to detect and guard against future attacks from that source. In fact, the firm's efforts appear to have resulted in a temporary lull in activity by the Shanghai unit. But they're expected to have little impact on the Chinese hacking campaign over the long run.

So where does this leave businesses, particularly those with global supply chains involving multiple partners? Not in a very good place, unfortunately. In a recent paper for CSIS, cybersecurity expert James A. Lewis noted that hacking is pervasive and easy to carry out. Yet the business world remains blissfully unaware of the threat.

Approximately one-quarter of all malware isn't blocked by current techniques, including off-the-shelf antivirus software, Lewis says. And 85 percent of security breaches go undetected for months - plenty of time for companies to suffer severe damage through loss of vital data.

The failure can't be chalked up to a lack of investment. Lewis says government and private companies are spending up to 7 percent of their IT budgets on cybersecurity. The total bill for security software was said to have hit $17.7bn in 2011. It's likely to be even higher today.

Clearly the old techniques of defending against cyberattacks haven't worked. Traditional network security methods are reactive in nature, and of limited effectiveness even then. Newer and more effective methods focus on a program of continuous diagnostics and mitigation measures, according to Lewis. "The strategies used in this approach reduce the opportunities for attack and force attackers to develop more sophisticated (and expensive) techniques or to give up on the target," he writes.

Lewis says companies need to adopt "a minimum standard of due care" in their cybersecurity programs. As a guide for action, he cites work by the Australian government's Defence Signals Directorate (DSD) and the U.S. National Security Agency (NSA). DSD has come up with a list of 35 recommended mitigation strategies, while NSA lists 20 "critical controls."

For companies looking to tighten up their cybersecurity measures, the first four of DSD's recommendations provide an excellent start. They are:

- Use application whitelisting so that your computers and networks run only those programs that you have specifically approved.

- Apply patches that correct the vulnerabilities in such programs as Microsoft Office, Adobe Flash, Java and various Web browsers.

- Similarly, apply patches to plug vulnerabilities in operating systems such as Windows (which has long been notorious for its exposure to hackers).

- Place tight controls on administrative privileges. Keep to an absolute minimum the number of individuals who are authorized to make changes on your network.

DSD says those four strategies will help to protect organizations from "low to moderately sophisticated" intrusion attempts. In fact, the agency says, they can ward off more than 85 percent of cyber intrusions. What's more, Lewis says, the measures tend to remain effective despite the ever-evolving nature of cyber threats.

They are not, of course, the complete answer. For most companies, there simply isn't one. No system can protect against all types of attacks, but diligent companies can get to the point where cyberspace "is no less secure than any other environment we operate in," says Lewis. And that's a far better state of affairs than most businesses are in today.

Next: A supply-chain perspective on cybersecurity.
