IoT-reliant firms are cybersecurity laggards, warns EY

Sydney is the second-largest container port in Australia, and was hit recently by the DP World Australia cyberattack. In the wake of the attack, EY is warning that the supply chain vendors most vulnerable to cybersecurity breaches are those reliant on so-called operational technology – such as Internet of Things devices – because such companies tend not to see cybersecurity as a high priority.
EY Asia-Pacific cybersecurity leader Jeremy Pizzala warns that firms most vulnerable to cyber attacks are reliant on operational technology, such as IoT

In the wake of the serious DP World Australia cyber attack, an EY cyber security leader has warned that too many organisations worldwide remain lax in the face of the growing threat of potentially devastating supply chain hacks.

DP World is Australia’s largest port operator, and the company was forced to shut down its Sydney, Melbourne, Brisbane, and Fremantle port operations after discovering hackers had breached its systems. 

The company is still in the process of resuming full operations following the attack. One regional exporter was left with 300 containers stuck in a single port. 

Jeremy Pizzala is Asia-Pacific Cybersecurity Consulting Leader at EY. He warns that too many vendors are cybersecurity laggards, who are vulnerable to malware, ransomware or denial of service attacks. These can then work their way up or down the supply chain to larger organisations.

The laggards, explains Pizzala, tend to be organisations that rely on so-called operational technology (OT) – such as Internet of Things (IoT) devices – and as a result do not see cybersecurity as a high priority.

Operations tech 'can be cybersecurity weakness' - EY 

He says: “Supply chain attacks have risen dramatically in recent years, in tandem with the rapid adoption of open-source software, digitisation, interconnectivity across the business ecosystem and the integration of OT with IT in today's digital ecosystem. 

“Attackers can inject malware into widely used IT service management platforms. Supply chain attacks are serious. They compromise sensitive information, alter data and disrupt operations. This results not only in financial losses but also reputational damage, broken trust, missed deadlines, and dissatisfied customers.”

A recent EY survey of global cybersecurity leaders found that the most heavily digitised organisations are those that are most aware of the risks posed by potentially malign software embedded in their critical business operations. 

Pizzala says that these organisations are most secure because they are more likely to adopt advanced cybersecurity approaches such as DevSecOps. 

DevSecOps stands for ‘development, security and operations’, and is the practice of integrating security testing at every stage of the software development process. 

It includes collaborative tools and processes for developers, security specialists and operation teams to build software that is both efficient and secure.

On the general subject of cyber protection, Pizzala says it is unrealistic for businesses to conduct meaningful security checks on the hundreds of thousands of software vendors in existence, “let alone carrying out security checks on the open-source software community operating freely on the web”.

Instead, Pizzala urges organisations to:

  • Adopt machine learning-based tech that identifies unusual behaviours, and so indicates the presence of attackers inside a network
  • Take a zero-trust based approach that denies systems access to anyone who doesn’t require access as an essential part of their job
  • Store powerful ‘super user’ credentials in digital vaults, because attackers seek these out in order to escalate attacks
  • Immediately apply security patches released by software producers discovering a vulnerability.
