Insights

How are cyber-attacks costing you in your supply chain?

Mark Keelan, Director of Compliance Practice, UST

First the pandemic and now the cyber pandemic. Our supply chain is not in good shape, and the risk of cyber-attacks through supply chains is higher than ever, the effects of which can be devastating. In fact, 50% of all supply chain disruptions in the US are caused by cyber-attacks.

Examples of supply chain issues include exorbitant container costs, fundamental construction supplies delayed by months, four out of five new cars selling at higher than MSRP due to the lack of supply.

With all these issues, cyber-attacks can be the straw that breaks the camel’s back.

Cybersecurity and supply chain efficiency are closely intertwined. Global supply chains need to address cybersecurity and risk management and make it a top business priority. The need to fortify against the ever-increasing and damaging cyber-attacks has never been more critical. The wait times at shipping ports, increasing demands, manufacturing issues, and labor shortage, among others, have made supply chains increasingly brittle and fragile.

Global supply chains are exceptionally vulnerable to attack in their current condition. They felt the strain of pandemic-driven shopping which nigh broke its back and continues to weigh it down almost two years down the line. As millions worldwide veered toward online shopping during the shutdown, shipping and logistics demand increased. Some industries experienced unprecedented spikes in demand, like the computer and chip shortages. Supply chain issues in these areas held uphttps://www.motortrend.com/news/automotive-car-industry-semiconductor-chip-shortage-reasons-solution/

production for car manufacturers and others, lately, even garage doors, leading to losses.

There is a need for more robust cybersecurity measures in supply chain management. CISA has urged all organizations to heighten their cybersecurity and protect their most critical assets. The best way to increase the cyber resiliency of your supply chain is to assess and measure your supplier’s cyber readiness and maturity. It is near impossible to improve what you have not measured.

Understanding the impact of a breach and supply chain risks

Cybersecurity is more than installing anti-virus software; it needs to be a gatekeeper for every stage of the supply chain. Organizations must be aware of everyone with access to their network or systems. Any third party they interact with throughout the supply chain, from suppliers and contracted maintenance companies, can be a risk. The security of all in the supplier network directly affects the organization.

The breach goes beyond companies. It is important to remember that organizations, as well as their suppliers and organizations, are responsible for end-consumer data. Last year, the European Union Agency for Cybersecurity (ENISA) reported that 66% of supply chain cyberattacks targeted and breached their security. A staggering number that has continued to grow. When payment data gets compromised, customer information is at risk as well, a common target for cyber attackers.

With more organizations going remote, software usage has increased. It is a compelling security risk as more employees interact with its data or network. In an extensive supply chain network, this risk is manifold.

Why is this critical?​

The cost of supply chain disruptions is staggering. Considering that cyber-attacks cause 50% of the disruptions, it is clear the financial payback far exceeds the costs of reducing the cybersecurity risk in your supply chain. For most, if not all, companies, reducing cybersecurity risk is low-hanging fruit.

Even a small reduction in the quantity and severity of cyber-attacks can provide both immediate and ongoing savings. To quantify the cost of supply chain disruptions, consider this - the pre-pandemic cost for the US and the EU was $4 trillion annually. If 50% are the result of cyberattacks, a 20% reduction would result in a $400 billion return.

Other reasons to consider are:

• Assessments need to be consistent, measurable and done on at least a biannual basis to be effective. ​
• Poor cyber readiness creates internal and external gaps​ that make it easy for hackers to exploit you and your suppliers.

How to minimize and manage cyber supply chain risk

The global supply chain problem may seem overwhelming, but it can be managed well with the right tools, platforms, and partners.

According to the National Institute of Standards and Technology (NISTIR 8276), the first step toward effective cyber-supply chain risk management (C-SCRM) is to complete https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-30r1.pdf

a thorough risk assessment. The analysis must cover every level of the organization and assess your supply chain's cybersecurity and safety. Opting for an advanced platform that provides a measurable and actionable approach to cybersecurity, regulatory compliance, and cyber supply chain risk is the right step forward.

The next step is to reach out to your suppliers to discuss security and risk management methods, a process everyone will benefit from, and quickly find the weakest links. They can be incorporated into a supplier community portal to make it easy to assess your supply chain risk across complex global supply chains.

Once the assessment is complete, it is time to put strong security measures in place with the help of advanced technology. An enterprise platform that provides high-quality security resources​ is the most effective way to improve resilience and supplier cyber readiness. ​

A focused approach to avoid crime-related delays, data breaches, and financial losses will help fortify defenses. Working with technology partners will help organizations do so without additional burden on current staff​.

A quick overview:

• Work with a technology partner to integrate C-SCRM across the organization and facilitate better collaboration between all departments in the supply chain.
• Opt for a platform that utilizes NIST, ISO, and any other major framework your industry requires to assess and score organizational adherence to each.
• Create an internal cyber risk management program for your organization.
• Develop an external cyber risk management program for your supplier network.
• Utilize the SECURE platform for a rich set of compliance dashboards, charts, and reports.
• Get quantitative measurements​ to measure the effectiveness of the program and understand the ROI for ongoing investment in privacy​.
• Get real-time visibility into the production processes of suppliers and outsourced manufacturers that can significantly reduce the risk of tampering and counterfeiting and improve the security and quality of the final products.
• An easy-to-use platform will facilitate closer collaboration with suppliers. It will also help create shared ecosystems to share information quickly and promote coordination which, in turn, will simplify supply chain management.
• Include and test key suppliers in the incident response and disaster recovery planning to enhance resilience against global risks.
• Assess and monitor the supplier relationship with powerful supplier-monitoring programs covering the entire supplier relationship life cycle.
• Opting for world-class cloud deployment using Salesforce will help you plan for the full life cycle and ensure business continuity.

To learn more about the most efficient path to minimizing cyber supply chain risk, fill out the form below to get a Free NIST Cybersecurity Maturity Assessment.