This type of thing is disruptive. Further, it’s very possible that the company’s bottom line and its corporate brand will be impacted. Only time will tell. For the rest of us, it’s a timely reminder that cybercrime is real. We also need to get our partners thinking about it—because after all, we share information across systems. It’s a vulnerability.
Not only are electronic supply chains a good target, but these types of attacks are also becoming increasingly common. Roughly one-third (32 percent) of cybersecurity attacks last year involved ransomware, according to the 2024 Verizon Data Breach Investigations Report. Meanwhile, market research firm Gartner recently identified cyber extortion, where criminals execute ransomware attacks to extort funds from supply chain organizations, as one of its top trends for the supply chain this year. It’s something we need to be thinking about.
What all that says is that we have to be thinking differently. The question is no longer “What if we get attacked?” We have to assume that cyber-attacks will occur, think about how to make ourselves a harder target, and have processes in place to react quickly and assertively when something happens.
Cybersecurity can be a hard topic to get our arms around. However, common sense goes a long way to increasing safety. There are three things to think about:
- Be smart and stay alert. People are often the weak link in the security system. They click on a link they shouldn’t. They share their passwords—and write them on sticky notes or use the same one all the time. In our organization, we try to keep awareness high. We let people know when something “phishy” has been going on. And we periodically train people on the latest scams and approaches. Whenever possible, we try not to learn things the hard way.
- Work across departments and the partner network. Supply chain technology leaders should collaborate with IT leadership to confirm ransomware attack scenarios are included in the corporate risk management processes and develop a detailed ransomware incident response playbook, Gartner suggested in its report. Further, audit security practices of critical partners. By identifying the staff, contractors, vendors, and suppliers with system access, you can start managing the potential risk.
- Listen to the experts. The good news is that none of us have to do any of this alone. Best practices exist and are a great place to start the planning process. For example, the National Institute of Standards and Technology (NIST) has created a set of supply chain security best practices.