
A 10-Point Guide to Establish Supply Chain Cybersecurity

Photo: Bloomberg
September 19, 2021
Marc Lewis, SCB Contributor

As global supply chains become increasingly digital, companies are exposed to risks from countless indirect sources. A system is only as strong as its weakest link, and hackers will hunt meticulously to uncover a vulnerable component.

This exploitation comes at a high price. According to IBM Security's Cost of a Data Breach Report, the average total cost of a breach is $5.52 million for enterprises with more than 25,000 employees and $2.64 million for organizations with fewer than 500 employees. Most companies pay hackers the ransom they demand. This summer, Colonial Pipeline Co. and JBS SA paid hackers $4.4 million and $11 million respectively to recover encrypted data after massive cyberattacks.

Other impacts include disrupted customer service, undermined trust, and loss of competitive edge.

Cybercriminals are evading barriers and identifying weaknesses to exploit supply chains more effectively than ever before. In the case of Colonial Pipeline, hackers abused a legacy virtual private network (VPN) profile that only required single-factor authentication.

Attacks not only cripple companies but also hurt customers. Eighty percent of breaches involve personally identifiable information (PII). Hackers use PII and passwords to access an individual’s various accounts across the web. Additionally, any break in a supply chain — whether it is your business or third- or fourth-party vendors — impacts the production of goods and services while also driving up prices.

In the CrowdStrike Security Report — a survey of more than 1,000 participants — two-thirds of senior IT decision-makers and cybersecurity professionals revealed that their organizations had experienced a software supply chain attack. The same number confessed that their company is not adequately prepared to defend against a future breach. Businesses must be proactive and focus on building cyber resiliency to prevent exploitation.

The National Institute of Standards and Technology (NIST), part of the United States Department of Commerce, recommends the following steps to properly safeguard IT assets.

Identification

Locate potential threat vectors — routes that malicious attacks may take to get past your defenses and infect your network — by conducting internal risk and vulnerability assessments. Consider engaging an outside firm to perform a more advanced assessment.

Protection

Take the necessary actions to protect your organization and prevent threat events:

  • Exposure reduction. In addition to the basic protection provided by firewalls and antivirus software, it’s vital to establish privileged access procedures. Follow the principle of least privilege: only employees who need access to sensitive data are granted it.

    Tools like behavioral analytics, endpoint detection and response (EDR), artificial intelligence (AI) and threat intelligence can strengthen defenses. Companies should adopt secure coding practices and refer to the Open Web Application Security Project (OWASP) Top Ten Web Application Security Risks.

  • Employee commitment and training. Employees are the last line of defense in cybersecurity and one of the most common threat vectors. It is critical to engage every employee; the executive suite is not exempt. Establish a culture of healthy suspicion among employees. This approach may seem overly paranoid, but the stakes can be high.

    Institute awareness training and internal phishing campaigns to expose employees to the newest spam and social engineering techniques. Any employee who falls for a phishing campaign should immediately be required to undergo training. Instill a strong password culture in which employees use distinct, strong passwords for each account. Ensure that they understand that if a password is breached in one place, it is simple for hackers to try it on other accounts associated with the same email address.

    There are countless helpful (and free) cybersecurity resources available to supplement employee learning and keep employees updated on the latest industry trends, such as the virtual training modules provided by the U.S. Department of Homeland Security.

  • Insurance. Make sure you have adequate insurance in the event of an attack. Some insurance providers include ransomware protections. Ask what is not covered in a cyberattack.

  • Physical security. Protect personnel, hardware, software, networks and data from physical trespassing and other physical interference. Consider solutions like surveillance cameras, security guards, security systems, barriers, locks, access keycards, fire alarms, sprinklers and other systems designed to protect employees and property.

    Beware of piggybacking. Holding the door open for someone walking into the office with their hands full may seem polite, but it poses a security threat. Make sure everyone who enters company premises is authorized personnel.

  • Selective business relationships. Cyberattacks through supplier networks are becoming increasingly common. According to the 2020 Cyber Resilient Organization Study by the Ponemon Institute, 56% of organizations report that they have experienced a cybersecurity breach caused by a third-party supplier. In determining an acceptable level of risk, be selective when choosing contractors or partners to work with your company.

  • Incident reporting. Build a culture in which incidents are reported promptly, and train employees to do so. IT professionals are far better able to limit the damage if they learn of an incident early.

Detection

A network without monitoring is like a home without smoke detectors. Continuous monitoring for security events should cover physical environments, networks, service providers and user activity. Vulnerability scans are a valuable tool and should be performed regularly on systems containing sensitive information.
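Monitoring only pays off when someone actually looks for the conditions that matter. The following is an added example, not code from the article or from NIST, that shows what "monitoring user activity" can mean in practice: it scans VPN authentication log lines for two of the problems the article raises, successful logins that did not use multi-factor authentication (the single-factor VPN profile abused at Colonial Pipeline) and bursts of failed logins against one account. The key=value log format, the field names, the sample lines and the threshold of five failures in ten minutes are all constructed for the example and are not from any real VPN product.

```python
"""Added example: flag single-factor VPN logins and password-guessing bursts
in constructed authentication log lines. The log format (key=value fields),
the sample data and the thresholds are hypothetical."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines in a hypothetical format:
# <timestamp> <host> auth user=<name> src=<ip> result=<success|failure> mfa=<yes|no>
SAMPLE_LOG = """\
2021-09-19T08:01:12Z vpn-gw auth user=alice src=203.0.113.5 result=success mfa=yes
2021-09-19T08:02:40Z vpn-gw auth user=legacy-svc src=198.51.100.7 result=success mfa=no
2021-09-19T08:03:01Z vpn-gw auth user=bob src=198.51.100.9 result=failure mfa=no
2021-09-19T08:03:05Z vpn-gw auth user=bob src=198.51.100.9 result=failure mfa=no
2021-09-19T08:03:09Z vpn-gw auth user=bob src=198.51.100.9 result=failure mfa=no
2021-09-19T08:03:14Z vpn-gw auth user=bob src=198.51.100.9 result=failure mfa=no
2021-09-19T08:03:20Z vpn-gw auth user=bob src=198.51.100.9 result=failure mfa=no
2021-09-19T08:15:00Z vpn-gw auth user=carol src=203.0.113.8 result=failure mfa=yes
2021-09-19T09:30:00Z vpn-gw auth user=carol src=203.0.113.8 result=failure mfa=yes
2021-09-19T09:31:00Z vpn-gw auth user=carol src=203.0.113.8 result=success mfa=yes
"""

# Assumed detection thresholds; tune to the environment.
FAILURE_THRESHOLD = 5
FAILURE_WINDOW = timedelta(minutes=10)


def parse_line(line):
    """Parse one log line into a dict; return None for lines that are not auth events."""
    parts = line.split()
    if len(parts) < 4 or parts[2] != "auth":
        return None
    event = {"ts": datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ"), "host": parts[1]}
    for token in parts[3:]:
        key, sep, value = token.partition("=")
        if sep:
            event[key] = value
    return event


def parse_log(text):
    """Parse every line, silently skipping lines that do not match the format."""
    events = (parse_line(line) for line in text.splitlines())
    return [e for e in events if e is not None]


def find_single_factor_logins(events):
    """Successful logins where MFA was not used (or the field is missing)."""
    return [
        (e["ts"], e["user"], e["src"])
        for e in events
        if e.get("result") == "success" and e.get("mfa") != "yes"
    ]


def find_failure_bursts(events, threshold=FAILURE_THRESHOLD, window=FAILURE_WINDOW):
    """Users with at least `threshold` failed logins inside any span of length `window`.
    Failures are grouped per user and examined with a sliding window in time order."""
    failures = defaultdict(list)
    for e in sorted(events, key=lambda ev: ev["ts"]):
        if e.get("result") == "failure":
            failures[e["user"]].append(e["ts"])
    bursts = []
    for user, stamps in failures.items():
        start = 0
        for end in range(len(stamps)):
            # Advance the window start until the span fits inside `window`.
            while stamps[end] - stamps[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                bursts.append((user, stamps[start], stamps[end], end - start + 1))
                break  # one alert per user is enough for this report
    return bursts


def scan(text):
    """Run both detections over a log text and return the findings."""
    events = parse_log(text)
    return {
        "single_factor_logins": find_single_factor_logins(events),
        "failure_bursts": find_failure_bursts(events),
    }


if __name__ == "__main__":
    for kind, hits in scan(SAMPLE_LOG).items():
        print(kind)
        for hit in hits:
            print("  ", hit)
```

On the sample data the first check reports the `legacy-svc` login (success without MFA) and the second reports `bob` (five failures in nineteen seconds); `carol`'s two failures an hour apart fall outside the window and are ignored, which is the kind of noise a fixed window is meant to suppress. The same sliding-window logic generalizes to any per-entity event rate, for instance failures per source address rather than per user.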

Response and Recovery

A correlation is evident between response time and the cost of an attack. Industries that take the longest to detect, react, respond and remediate incur the highest costs. A fast response can help mitigate the impact. It cannot eliminate the possibility of an attack, however, so prevention remains the priority.

A disaster recovery plan is critical to restoring data access and IT infrastructure after a disaster. Recovery depends on the scope of the damage.

Chart out a response plan and a remediation roadmap for all potential incident scenarios in the form of a business continuity plan. Include tactics that will keep the business operational during a disaster. Determine vendor criticality and a course of action if key vendors are attacked. Enlist backup suppliers and backups for your backups in case you need to shift to another provider to accommodate customers.

As part of an effective disaster recovery plan, it is recommended to simulate a cybersecurity breach at least once a year. Through these drills, relevant personnel come to understand their roles and the procedures to be followed.

Cybersecurity will be a prominent obstacle for businesses of all sizes as supply chains become more complex. Identify weak links in the supply chain to ensure vulnerabilities are minimized and to prevent threat events. Building cyber resiliency will prepare your company for a worst-case scenario that would otherwise be more expensive and damaging.

Marc Lewis is head of information security at Visible Supply Chain Management.
