As organisations strengthen the security of their IT infrastructure, cyber criminals are turning their attention to the weak links in the supply chain
June 2017 was a bad month for the world’s biggest container shipping line. Maersk suddenly found its computer systems grinding to a halt in the face of a cyberattack caused by the NotPetya malware.
In fact, Maersk, which carries almost one fifth of the containers moved globally, was one of several major international businesses that fell victim to the malware. Another notable victim was express parcels giant TNT. The cost to these companies was huge, not to mention the disruption to their customers’ supply chains. Maersk reckons it lost almost $300m in revenue and IT restoration costs, while TNT calculated the cost at $400m.
Sometimes cyberattackers demand a ransom. Earlier this year, the Colonial Pipeline in the United States faced a $4.4m demand after its network was hacked and its operations halted.
While these attacks disrupted operations, often attackers are trying to steal data. US retailer Target had to pay out $18.5m in claims after a 2013 cyberattack in which the attackers were able to steal credit card data for some 40 million customers.
In fact, cyberattacks are more common than people realise, says Richard Wilding, professor of supply chain strategy at Cranfield University. Victims don’t openly discuss attacks for fear that it will open them up to further attacks. Marcus Wuerker, chief information officer at DHL Supply Chain, agrees: “Phishing is pretty much commonplace these days; we’re also seeing occasional business email compromise attempts, as well as the more traditional denial of service attacks.”
There is also evidence that cyberattackers are shifting the focus of their activities towards supply chains.
Europe’s cybersecurity agency Enisa has warned that it expects four times as many attacks on supply chains this year than in 2020. It argues that the cost of attacking well protected organisations is increasing. And as a result, attackers are switching their attention to their supply chains. And it reckons that, given the international nature of supply chains, the potential impact is also increasing.
In July, Enisa published an analysis of the potential threats to supply chains which found that 62% of the attacks on customers took advantage of their trust in their supplier.
Dealing with the threat means, in the first instance, focusing on the basics, says Wilding. In particular, he points to the Cyber Essentials scheme backed by the UK government’s National Cyber Security Centre, which he says, should be part of any supplier assessment exercise. This offers two levels of certification. The basic level – Cyber Essentials – offers protection against most common cyberattacks. Cyber Essentials Plus goes one step further to provide a hands-on technical verification.
The Chartered Institute of Procurement and Supply makes the case for more awareness and collaboration. Group director Duncan Brock says companies that have been victims of cyberattacks need to move away from not being willing to share any details because they are too embarrassed: “I can understand why organisations do this but it’s a bigger problem for businesses and global society, and a growing one that individuals or businesses can’t solve on their own.
“Also, as regulation around this deepens, businesses will be looking for more expertise and more digitalisation and transparency in their supply chains, so they don’t fall foul of legislation as well as suffer an attack or affect others,” he adds.
Not surprisingly, software providers have been working hard to provide systems to neutralise cybersecurity threats. For example, SAP, which supplies IT systems to some of the world’s biggest companies, offers a security information and event management tool that identifies security gaps and detects threats both internal and external.
Artificial intelligence is increasingly being employed to tackle cyber threats. Darktrace, founded in Cambridge in 2013, used AI to learn the digital DNA of organisations enabling them to build up resilience to cyberattacks. In July, it revealed that it was intercepting 4,000 cyberthreats each week at lifestyle brand Ted Baker.
Supply chain links are often the most vulnerable point and supply chain partners have a key role to play in ensuring that they are adequately protected. Wuerker says: “Working with a multinational logistics provider may allow customers to leverage their provider’s more resilient and secure IT infrastructure, with built-in global redundancies, cyberattack detection and prevention capabilities.”
Protection against future attacks is essential, because one thing that is clear is that cyberattacks will continue to threaten global supply chains.