Supply-Chain Cyberattacks Are Escalating. Are All Your Doors Locked?

When it comes to opportunities for a cyberattack, think of a business as a mansion with lots of unprotected doors and windows.

September 24, 2018
Robert J. Bowman, SupplyChainBrain

Invaders can access the house through many portals other than the front door. In the business world, that translates into a multitude of vendors, suppliers and other partners whose level of cybersecurity may be well below that of the company in question.

Exhibit A is the data breach that hit Target Corp. in November of 2013. Miscreants reportedly gained access to the credit card information of up to 110 million Target customers through an air-conditioning contractor. All it took was for one employee of that vendor to respond to a phishing e-mail.

Many similar attacks are likely to hit other companies in the future. According to Accenture’s Cyber Threatscape Report 2018, cybercriminals have shifted their strategies “to exploit third- and fourth-party supply chain partner environments to gain entry to target systems, even in verticals with mature cybersecurity standards, frameworks and regulations.”

Such entities represent an organization’s weak spot, says Matan Or-El, co-founder and chief executive officer of Panorays, a provider of automated third-party security management.

Just about every company has some process in place for vetting the security of its vendors. Often that will take the form of a questionnaire, asking about such measures as the maintenance of firewalls and degree of password complexity.

“The real problem with those kinds of surveys,” says Or-El, “is that they are a totally manual process. It takes time to vet. Usually it happens once a year, while cyber is a changing threat.”

Think of the thousands of suppliers serving a company like Target, and you begin to get an idea of the challenge that corporate security officers face. Clearly, the occasional questionnaire isn’t going to protect a big company from attack, no matter how much it’s spending on cybersecurity.

The biggest vulnerability is, as always, the human factor. In a large, globally distributed workforce, it’s highly likely that some inattentive employee will fall prey to a phishing scam, or other type of hacker’s trick. A single mistake can reverberate throughout the organization, touching on multiple systems and wreaking havoc with efforts to protect sensitive data. The cost of recovery, including damage to one’s brand, has the potential to far exceed that of the priciest security setup.

One vendor serving multiple customers opens countless doors to an attack. Or-El cites the more recent case of [24]7.ai, the provider of an artificial intelligence-driven platform for linking companies with consumers. Earlier this year, its online chat tool became infected with malware, exposing sensitive consumer information held by many of the vendor’s big accounts, including Sears, Delta Airlines, Best Buy and Kmart. Again, a single unprotected door provides access to many rooms.

In the age of the cloud, a company might not be fully aware of the vendors with which it’s linked. Third-party service providers can engage fourth parties, of whom the principal might be unaware. But every partner, known or unknown, represents a point of vulnerability.

The need to protect data becomes even more crucial as governments begin cracking down on companies’ use of consumer information. The European Union’s new General Data Protection Regulation (GDPR) represents a significant step forward in data-privacy oversight. Expect such laws to expand globally, as regulators seek to rein in massive user data compilers such as Facebook.

All vendors in a supply chain must be prepared to comply with GDPR and similar laws, Or-El says. In fact, the first step toward shoring up one’s systems is understanding just who your suppliers are. Beyond that, companies need to classify each vendor according to the level of risk that it presents to the organization. In other words, how would the breach of a given vendor affect the operations of the company in question?

Ideally, companies should be working to close any security gaps before they are exploited by cybercriminals. And, because their techniques are constantly evolving, it’s essential that organizations continually monitor the security posture of every vendor, Or-El says.

The challenge can be daunting. Panorays identifies more than 10,000 different types of hackers, along with points of vulnerability numbering in the hundreds of thousands. Threats even exist outside a company’s nominal web presence; hackers often lure customers onto their platforms by maintaining URLs that are close to the original domain name. A mere mistake in typing can expose one to attack.

Security technology is evolving along with hackers’ techniques. Blockchains hold promise as a means of storing proprietary information in a safe and immutable fashion, although their widespread use is still some ways away. “We haven’t seen something like that in our area,” says Or-El, “but as with any other technology that comes into our world, we really want to make the most of it.”

In the meantime, companies should be working closely with all of their suppliers, large and small, to drive home the necessity of strong security protocols. Engagements should take place on a continuous basis, to head off potential vulnerabilities. Says Or-El: “We see new things popping up every day.”


All content copyright ©2023 Keller International Publishing Corp All rights reserved. No reproduction, transmission or display is permitted without the written permissions of Keller International Publishing Corp
