Back in 1988, the success of an early computer virus slapped programmers and users awake that they’d better take cybersecurity seriously. The malicious code was set loose by Robert T. Morris, a Cornell University grad student. At the time, his stated aim was “to demonstrate the inadequacies of current security measures on computer networks by exploiting the security defects.” Within 24 hours, the self-replicating worm had disabled nearly 10 percent of the world’s 60,000 connected computers at the time.
In the past decades, the number of cyberattacks has grown exponentially, fed by ever-more sophisticated bots and driven by threat actors. Every day, enterprises fend off millions of cyberattacks aimed at stealing information including financial data or sensitive company records. And the threat continues to grow. Unfortunately, supply chains are also increasingly vulnerable. The question is, how do you manage cyber risk in your supply network?
Are your suppliers providing entry?
Most large organizations have fortified their IT-infrastructure, yet their suppliers might not have the same level of security. Currently, half of today’s cyberattacks rely on island-hopping – trying to infiltrate a company’s system through a partner infrastructure*. Suppliers or third parties might not have resources to secure their networks, or simply put a low priority on cybersecurity. Potential attackers, whether humans or bots, then identify the organization within the supply chain with the weakest cybersecurity.
And with greater interconnectivity and digitalization in procurement processes, cybercriminals gain further ports of entry. Surveys show that companies grant access to roughly 180 suppliers on average (for example, via supplier portals). These business partners also present risk through their suppliers, the sub-tiers of the supply network. This is why sub-tier visibility is so important.
This past year, in pandemic conditions, the scramble to onboard new suppliers means that in some cases, security assessments were rushed. More than 30%* of companies sourcing electronic parts are currently onboarding new suppliers without going through approved vendor qualification processes.
Similarly, as enterprises rush to equip staff with remote working options, security sometimes takes a back seat to business continuity. Corporate-associated home-office networks are more than three times as likely to have at least one malware infection. Attackers use vulnerabilities such as weak firewalls to infect the network and move laterally. And through carelessness, ignorance, negligent or malicious action, employees in your own organization can cause data loss or violate General Data Protection Regulations (GDPR).
Actions you can take to manage risk
Faced with external as well as internal cyber risks, securing IT-systems, educating employees and monitoring supply networks become mission-critical. For managing cyber risk in your supply network, we recommend that you identify, assess, and mitigate potential threats. For example:
Identify: Uncover cyber risk in your supply chain. Be first to respond to any incidents, by using an artificial-intelligence-based system that continuously monitors your suppliers and other risk objects such as logistics hubs in real time.
Assess: Examine which firms are potentially a source of risk. Complement risk insights with security ratings from specialized providers. Evaluate third parties on their cybersecurity efforts, such as malware defense and controlled use of access, for example.
Mitigate: Prepare action plans in advance so everyone knows what to do before an incident occurs. Develop risk mitigation strategies, such as identifying alternative sources.
Managing cyber risk is an essential element of advanced supply chain risk management, which also enables you to ensure data security compliance, and earn the trust of investors, business partners, and customers. Surely one lesson everyone’s learned from Robert T. Morris, the early bird of cybersecurity, is that you have to catch computer worms before they harm your IT-systems or supply networks.
For more information, please watch our webinar with riskmethods’ partner BitSight: Why Cyber Risk is Critical to Your Supply Network: Are your suppliers leaving your ‘back door’ unlocked?
Author: Riskmethods -09/02/2021
*sources: VMWare Carbon Black, Supplyframe, BitSight