
Strategies to Manage Cybersecurity Breaches in the Supply Chain

Given the SolarWinds “Orion” attack in December of 2020, and the coronavirus (COVID-19) Vaccine Cold Chain Phishing campaign, the demand for stronger security in the supply chain to prevent cyber assaults is at an all-time high. As reported by The Economist, which surveyed 400 executives at US and European organizations, more than 36% stated that “cyberattacks ‘significantly’ disrupted their supply chain in the last three years,” costing each organization an average of roughly $3.9 million.

Supply & Demand Chain Executive (SDCE) reports that the number of security breaches corresponds directly to the degree of supply chain automation in use. This is especially true if the automation is installed incorrectly. And given the predicted rise of autonomous work in the supply chain, the financial loss from cybercrime is expected “to reach $6 trillion by the end of [2021].”

To ensure cyber safety, SDCE outlines several key strategies to reduce cyber breaches.

The first of these is pinpointing weaknesses and risks by evaluating supply chain partnerships and assessing what information is being transmitted between parties, as well as who has access to said data. 

Secondly, it is critical to establish boundaries at the beginning of mutual agreements (i.e., contracts) that state what data can and cannot be shared with third parties.

Another plan of action consists of recognizing areas of vulnerability with regard to security (e.g., weak passwords and system designs). Companies can run vulnerability scans to evaluate these areas.

In addition, organizations should safeguard the wellbeing and information of clientele by “[encrypting and securing] data that is constantly updated to keep pace with the newest technologies.” 

Finally, while the goal is to prevent infractions, one must consider the possibility of breaches (even if appropriate measures are in place), and thus must create a response plan for such scenarios. Such plans might include documenting all details of the breach to learn from errors, utilizing “forensic imaging tools,” and maintaining a directory of stakeholders.

Source: Supply & Demand Chain Executive