IoT-reliant firms are cybersecurity laggards, warns EY

EY Asia-Pacific cybersecurity leader Jeremy Pizzala warns that firms most vulnerable to cyber attacks are reliant on operational technology, such as IoT

In the wake of the serious DP World Australia cyber attack an EY cyber security leader has warned that too many organisations worldwide remain lax in the face of the growing threat of potentially devastating supply chain hacks. 

DP World is Australia’s largest port operator, and the company was forced to shut down its Sydney, Melbourne, Brisbane, and Fremantle port operations after discovering hackers had breached its systems. 

The company is still in the process of resuming full operations following the attack. One regional exporter was left with 300 containers stuck in a single port. 

Jeremy Pizzala is Asia-Pacific Cybersecurity Consulting Leader at EY. He warns that too many vendors are cybersecurity laggards, who are vulnerable to malware, ransomware or denial of service attacks. These can then work their way up or down the supply chain to larger organisations.

The laggards, explains Pizzala, tend to be organisations that rely on so-called operational technology (OT) – such as Internet of Things (IoT) devices – and as a result do not see cybersecurity as a high priority.

Operations tech 'can be cybersecurity weakness' - EY 

He says: “Supply chain attacks have risen dramatically in recent years, in tandem with the rapid adoption of open-source software, digitisation, interconnectivity across the business ecosystem and the integration of OT with IT in today's digital ecosystem. 

“Attackers can inject malware into widely used IT service management platforms. Supply chain attacks are serious. They compromise sensitive information, alter data and disrupt operations. This results not only in financial losses but also reputational damage, broken trust, missed deadlines, and dissatisfied customers.”

A recent EY survey of global cybersecurity leaders found that the most heavily digitised organisations are those that are most aware of the risks posed by potentially malign software embedded in their critical business operations. 

Pizzala says that these organisations are most secure because they are more likely to adopt advanced cybersecurity approaches such as DevSecOps. 

DevSecOps stands for ‘development, security and operations’, and is the practice of integrating security testing at every stage of the software development process. 

It includes collaborative tools and processes for developers, security specialists and operation teams to build software that is both efficient and secure.

On the general subject of cyber protection, Pizzala says it is unrealistic for businesses to conduct meaningful security checks on the hundreds of thousands of software vendors in existence, “let alone carrying out security checks on the open-source software community operating freely on the web”.

Instead, Pizzala urges organisations to:

  • Adopt machine learning-based tech that identifies unusual behaviours, and so indicate the presence of attackers inside a network
  • Take a zero-trust based approach that denies systems access to anyone who doesn’t require access as an essential part of their job
  • Store powerful ‘super user’ credentials in digital vaults, because attackers seek these out in order to escalate attacks
  • Immediately apply security patches released by software producers discovering a vulnerability.​​​​​​​

For further insight check out the latest issues of Supply Chain MagazineProcurement Magazine & Sustainability Magazine

BizClik is a global provider of B2B digital media platforms that cover executive communities for CEOs, CFOs, CMOs, and leaders in sustainability, procurement, supply chain, technology & AI, cyber and FinTech. It also covers industries such as manufacturing, energy and EV. BizClik is based in Norwich, London, Dubai & New York. It offers content creation, advertising and sponsorship solutions, webinars & events.


Featured Articles

IBM: Supply Chain Data is Sustainability 'Blockage'

IBM study highlights sustainability disconnect between intention and impact, with 76% of execs agreeing it's crucial but just 30% making much progress

Heineken Toasts Success of Supply Chain Transformation

Digital transformations have a notoriously high failure rate but not so at Heineken, who has transformed its European logistics operations to great effect

GEP's Procuretech Advice, as new Scope 3 Reporting Laws Loom

GEP issues advice around mandatory Scope 3 reporting, an issue that will figure large at Sustainability LIVE: Net Zero, being held in London

Cainiao: The World's Largest Ecommerce Logistics Provider


FedEx Express Opens Singapore Logistics HQ


Supply Chain Problems Sees Partnerships Programme Grow