Supply Chain Security - cybersecurity and risk management

7 Supply Chain Security Concerns to Address in 2019

“All across Maersk headquarters, the full scale of the crisis was starting to become clear. Within half an hour, Maersk employees were running down hallways, yelling to their colleagues to turn off computers or disconnect them from Maersk’s network before the malicious software could infect them…” 

So begins the story of what Wired calls “the most devastating cyber attack in history.”

While not all supply chain cyberattacks are this dramatic and dangerous, our supply chains are especially vulnerable to these types of attacks. Due to the inherent interconnected nature of supply chains, a security weakness in one link can compromise the functionality of the entire supply chain. In this article, I review seven supply chain security risks you should be aware of going into 2019.

Supply Chain Security

Supply chains face a broad range of threats, ranging from physical threats to cybersecurity threats. The physical threats are perhaps the more blatant and obvious ones that can occur at various points along the supply chain—think terrorists disrupting a supply chain by attacking oil infrastructure. Supply chain terrorism, in fact, is worse than ever, and a recent 10-year report by BSI found that there were 3.1 terrorist attacks on supply chains per week over the course of the study. Other physical threats include theft, which can occur as an external or internal operation, and then there is piracy.

Aside from the perennial physical threats, modern supply chains face an increasing number of threats related to information security. Such threats arise because technology and Internet infrastructure have advanced to the point that well-functioning, efficient supply chains are dependent on a range of software and hardware working in tandem, gathering and transmitting vital data about shipments, inventory, and even the condition of equipment used to manufacture parts.

This dependence on technology opens up new avenues for people who want to disrupt supply chains and obtain sensitive information or money. As I mentioned at the beginning of this article, the 2017 cyberattack, dubbed NotPetya, was especially devastating. It targeted Danish company Maersk, the world’s largest shipping container company. The consequences of this ransomware attack were instant and devastating, bringing down the entire global IT network of a company responsible for close to a fifth of the entire planet’s shipping capacity.

Facing a slew of increased cyber risks is part and parcel of the increased technological adoption across supply chains, and it’s imperative to take action to combat the range of information security threats in addition to the more traditional security measures deployed to combat physical risks.

Supply Chain and The Cloud

The cloud computing paradigm is having a huge influence on supply chains. In this model, computing resources, such as databases, applications, and storage, are consumed as utilities, accessible via public or private network connections. Cloud-based supply chain management software is on the rise, and a supply chain without some sort of cloud-based solution is now an anomaly rather than the norm.

Rangespan is an example of a supplier management company that uses the cloud—in fact, the company’s entire IT infrastructure is based on Amazon Web Services (AWS). The company uses a slew of AWS services, such as Amazon RDS to store customer and inventory information, and EBS volumes, which are high-performance storage volumes. This resource goes into more detail on EBS and EBS volumes.

The cloud confers many benefits, including anytime access to low-cost, scalable IT resources. But the cloud model could introduce additional security complexities and risks into supply chain IT infrastructure if not managed correctly.

7 Supply Chain Security Concerns

Inventory Theft

Inventory theft by employees, particularly at distribution centers, remains a significant threat to supply chains. The scale of goods moving through these centers makes it hard to track everything with precision, and theft operations are often complex, involving workers inside the company colluding with people outside the company, such as drivers, to move stolen goods outside the distribution center for resale.

Mismanagement of Cloud Access

As supply chain management software and data storage move to the cloud, there is a pressing need to safeguard cloud data and applications. Failure to properly manage cloud access can lead to serious IT risks, including providing users with excess privileges, or, worse still, leaving cloud storage repositories open and accessible to anyone. A cloud solution must include strong permissions and access management.

Smuggling

The smuggling of illegal and legal goods presents real risks to supply chain security. Counterfeit goods, fake drugs, and so-called gray market products can be smuggled in via the international flow of containers that are used to transport legitimate products. Not only can smuggling impact end destinations and consumers, it impacts supply chains by taking up space in containers which are already crowded due to high consumer demand.

Increased Piracy

Even though piracy is one of the oldest threats to supply chains, it remains one of the greatest. Piracy incidents in West Africa cost $793.7m in 2016, and shipping companies are having to hire extra manpower to protect their shipments on the seas. It threatens not just supply lines but also the lives of those who work these vulnerable routes.

Physical Device Tampering

Purposeful tampering with physical devices is another huge security threat in supply chain management. This threat has particular ramifications for the defense electronics supply chain, and a 2013 report highlighting the difficulty of detecting electronic chip tampering still rings true. Such tampering could compromise important defense information or disrupt systems that use the chips.

Trusting Data To A Third Party Vendor

Cloud service providers allocate significant funds to securing their systems; their reputations and livelihoods depend on it. Understandably, some companies are still reluctant to entrust important data to a third-party vendor. There are certainly increased risks in using a cloud service that doesn’t put a premium on security. It is thus critical to engage only companies that have experience in dealing with mission-critical applications and pass strict security audits. These companies often have much higher standards and more layers of security than those of the companies whose data they host.

IoT Sensor Compromise

IoT devices, which contain sensors equipped with Internet connections, are increasingly used in supply chains for inventory management and to predict machinery failures before they actually happen.

However, all of this sensor data is another attack vector that hackers can use to ascertain information about supply chains, including order volumes, important supplier relationships, and more. IoT devices need to be checked and verified for security, and encryption should be implemented at all points in the IoT ecosystem.

Secure Your Supply Chain  

Security is imperative in supply chains, and the above seven security concerns just go to show the diversity of risks faced in contemporary supply chain management. As technology evolves in 2019, attack vectors will evolve with it and become more sophisticated. It’s clear that a prudent security approach needs to be multi-faceted, encompassing defenses against a huge range of physical and virtual threats. Audit your vulnerability on these seven threats to get a good understanding of where your weaknesses lie, then make it a priority to address them. New technologies, including control towers, blockchain, authentication and serialization, and chain-of-custody solutions, can help secure your supply chain.

Limor Wainstein

Limor Wainstein is a technical writer and editor specializing in technology, computer/network security, SaaS applications and fraud prevention.
