Don’t Let Cyber Attacks Disrupt Your Supply Chain — Like Colonial Pipeline

The summer of 2021 saw two of the biggest cyber attacks — on Colonial Pipeline Co. and on JBS SA.

Ransomware attacks crippled both companies’ supply chains, leaving them even more vulnerable. To recover their encrypted data, they gave in to the demands. Colonial paid $4.4 million and JBS, $11 million.

An attack on a company’s supply chain means it stands to lose sensitive consumer data, cannot serve its customers and, of course, risks losing its credibility and reputation.

According to IBM's Security Cost of Data Breach Report, the average total cost of a breach for enterprises of more than 25,000 employees is $5.52 million, and for organisations under 500 employees, it’s $2.64 million.

Why Are Hackers Targeting Supply Chains?

Hackers want to make the most impact when carrying out their attacks, and an incapacitated supply chain is consequential. Because customer service is disrupted, most companies pay the ransom demand, making them an easier target.

Of course, effects like undermined trust and loss of competitive edge also make supply chains vulnerable to nation-state attacks.

Cyber criminals are getting more astute about identifying weaknesses to exploit supply chains more effectively than ever before. In the case of Colonial Pipeline, hackers took advantage of a legacy virtual private network (VPN) profile that only required single-factor authentication.

In fact, 80% of breaches involve personally identifiable information (PII) and passwords used to access an individual’s various accounts across the web.

Further, a break in the supply chain — whether first-party or fourth — has the potential to impact the production of goods and services while also driving up prices.
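
The Colonial Pipeline entry point described above, a legacy VPN profile that only required single-factor authentication, is the kind of gap a periodic audit of remote-access profiles can surface. The following is an added example, not part of the original article; the inventory columns, profile names and the 90-day dormancy threshold are assumptions.

```python
import csv
import io
from datetime import date

# Constructed sample export of VPN profiles; the column names are hypothetical.
SAMPLE_INVENTORY = """profile,auth_factors,last_login,enabled
corp-vpn-standard,password+totp,2021-04-28,true
legacy-vendor-access,password,2020-09-14,true
ops-contractor,password,2021-04-30,true
old-site-to-hq,password,2019-11-02,false
never-used-test,password,,true
field-engineers,certificate+password,,true
"""

DORMANT_AFTER_DAYS = 90  # assumed threshold for treating a profile as legacy


def audit_profiles(inventory_csv, today):
    """Flag enabled profiles that accept a single authentication factor."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if row["enabled"].strip().lower() != "true":
            continue  # a disabled profile cannot be used to log in
        # Simplification: each distinct method listed counts as one factor.
        factors = {f.strip().lower() for f in row["auth_factors"].split("+") if f.strip()}
        if len(factors) >= 2:
            continue
        last = row["last_login"].strip()
        # No recorded login is treated as dormant, not as safe.
        idle_days = (today - date.fromisoformat(last)).days if last else None
        if idle_days is None or idle_days > DORMANT_AFTER_DAYS:
            findings.append((row["profile"], "critical",
                             "single-factor and dormant: disable or remove"))
        else:
            findings.append((row["profile"], "high",
                             "single-factor and in use: enforce MFA"))
    return findings


if __name__ == "__main__":
    for name, severity, action in audit_profiles(SAMPLE_INVENTORY, date(2021, 5, 7)):
        print(f"{severity:8} {name:22} {action}")
```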

5 Top Global Supply Chain Security Vulnerabilities

Organisations have shifted their work modes to remote and have implemented cloud computing without rethinking their business processes. Distributed models can affect some core aspects of their existing supply chain security management, leaving them susceptible to attacks.

Some of the top supply chain vulnerabilities include:

Unprotected Data

Protecting data from breaches and attacks is an ongoing challenge because supply chains need data workflows to function properly. Data is now more mobile: it is stored, accessed and transmitted across numerous access points, which makes it more difficult to protect.

Measures like homomorphic encryption can help protect data.

Unsecure Data Nodes 

Workers have to collect and store data at all tiers of the supply chain and use it to make informed decisions. Often these nodes aren’t secure.

In addition, insider threats in a supply chain can put trade secrets and the personal privacy of consumers and suppliers at risk by exchanging data.

Implementing distributed ledger technology based on the blockchain can help keep data safe and immutable along the supply chain.

Lack of Data Governance

With the distributed work model and the use of remote project management software and mobile apps, the surface area the business must oversee has grown exponentially.

Without proper standards and practices for how their employees and vendors access and handle data, businesses leave themselves open to data breaches.

Fraudulent Activities

In 2020, KPMG reported a supply chain fraud case that stemmed from a fake invoice. Criminals got access to an email carrying an invoice and altered the bank account details, robbing hundreds of thousands of dollars from the company.

Supplier remittance fraud has soared in the supply chain as the number of data touch points has increased. Each access node is a potential gateway for attacks or for accidental data loss.
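
A common control against the altered-invoice fraud described above is to compare the bank details on every incoming invoice with the vendor master record before payment. The following is an added example, not part of the original article; the vendor IDs, names and record layout are hypothetical, and the use of IBANs is an assumption.

```python
import re

# Constructed vendor master file; IDs and names are hypothetical and the
# IBANs are widely published example numbers, not real accounts.
VENDOR_MASTER = {
    "V-1001": {"name": "Example Freight Ltd", "iban": "GB29NWBK60161331926819"},
    "V-1002": {"name": "Example Packaging GmbH", "iban": "DE89370400440532013000"},
}


def normalise_iban(raw):
    """Strip spaces and punctuation so formatting differences do not matter."""
    return re.sub(r"[^A-Za-z0-9]", "", raw).upper()


def iban_checksum_ok(iban):
    """ISO 13616 mod-97 check: move the first four characters to the end,
    map letters to 10..35, and the resulting integer must be 1 modulo 97."""
    if not re.fullmatch(r"[A-Z]{2}[0-9]{2}[A-Z0-9]{11,30}", iban):
        return False
    rearranged = iban[4:] + iban[:4]
    return int("".join(str(int(ch, 36)) for ch in rearranged)) % 97 == 1


def review_invoice(invoice, master=VENDOR_MASTER):
    """Return reasons to hold payment; an empty list means the details match."""
    vendor = master.get(invoice["vendor_id"])
    if vendor is None:
        return ["unknown vendor: hold until onboarded"]
    reasons = []
    iban = normalise_iban(invoice["iban"])
    if not iban_checksum_ok(iban):
        reasons.append("IBAN fails checksum")
    if iban != vendor["iban"]:
        # A well-formed but different account is the fraud pattern described above.
        reasons.append("bank details differ from vendor master: "
                       "confirm by phone using the number on file")
    return reasons
```

A checksum-valid IBAN that differs from the master record is still held, because a fraudster can supply a perfectly valid account of their own.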

Third-Party Risks

An average supply chain can be a convoluted structure, encompassing vendors and customers spread across different parts of the world. Interacting with unknown parties can leave any business exposed.

In supply chains, a staggering 43% of third parties do not undergo due diligence checks, indicating clear gaps in formal compliance.

Worse, 62% of companies don’t fully monitor third parties for ongoing or emerging risks and aren’t aware of the extent to which third parties are outsourcing work.

There are many steps business leaders can take to keep their supply chains secure, whether that’s data encryption, tokenisation or access monitoring.

Sign up for the Oxford Cyber Security for Business Leaders Programme to learn about the cyber risks of globalisation and integrated supply chain and how you can manage the threats with technologies like AI.

Oxford Cyber Security for Business Leaders Programme is delivered as part of a collaboration with Saïd Business School, University of Oxford and Esme Learning.


© 2021 Esme Learning Solutions. All Rights Reserved.