In March 2022, the McKinsey Quarterly Global Survey identified global
Deloitte’s Cyber Threat Intelligence did a deep-dive on the cyber risks that companies have faced to their supply chain over the pandemic’s height, and the results are shocking.
Average
As much as 40% of all manufacturing brands faced cyber outages to their operations during the pandemic. BlueVoyant Research's second Annual Global Survey into Third-Party Cyber Risk Management says, "97% of firms surveyed have faced negative impacts due to a cybersecurity breach in their supply chain."
It also said that the average number of breaches in weak supply chains has been increasing by 37% year on year, and the growth trend is expected to continue in 2022 as well.
The European Union Agency for Cybersecurity (ENISA) report, Threat Landscape for Supply Chain Attacks, which analyzed 24 major attacks, showed that even strong security protection is not adequate.
They’re coming for your customer data
The ENISA report says that two-thirds of all attacks came through weaknesses in supplier code. This immediately identifies the problem and points to the solution: better validation and verification of supplier code to detect security tampering.
Almost 60% of attacks target customer data, which, if successful, could mean complete annihilation of the business. So better control of PII (Personally Identifiable Information) needs to be in place.
Between supplier code and customer identity data, organizations need to implement much stronger checks and balances on code, identity, and access data.
Here are a few things CISOs can do to secure their supply chain in these trying times:
- Every supply chain element should have a cyber security maturity assessment exercise. While innovation in the supply chain process is welcome, there is a real need to perform a risk assessment for modules or functionalities regularly. This assessment should cover every new point on the supply chain platform: OT environment, business networks, control systems, and products, and of course advanced IT protection metrics like IP protection, control systems, and even third-party risks. In addition, an inventory of all assets should be securely maintained, and it needs to include patch-relevant information.
- Act upon the assessment insights: the results of this assessment need to be analyzed for doable activities and put into action immediately. They should be the base for a secure supply chain risk minimization strategy. The risk should be brought to the notice of corporate leadership so that appropriate action can be taken to secure the operations. Risk criteria for both suppliers and customers (software dependencies, risk points, loss of critical access control) all need to be identified and documented.
- Establish a leadership-level cybersecurity governance programme: this ensures that proper governance structures are in place to monitor the risk appetite and resiliency of the organization's OT, including its supply chain.
- Digital support for the tech-transformation: While digital transformation has been a buzzword for a couple of years now, the pandemic, and then the Ukraine attack, have crunched the timelines; now it is an issue of survival. Getting digitally transformed is a big leap toward a more secure, robust, and resilient supply chain platform, across sectors.
Even with these checks in place, the threat from cyber miscreants is always present. The cyber threat landscape is constantly evolving, and a vulnerability could be housed anywhere. It is the need of the hour for both decision-makers and technology users to ensure no data is breached while keeping in mind the safety of users of the tool.