May 17, 2020

Comment: Back to basics to throttle supply chain cyber threat

David Carroll, CEO, XQ Cyber
It is more important than ever for supply chain companies to focus on cyber security

Effective cybersecurity is challenging enough for many organisations, but when you add supply chains into the mix that may include hundreds or even thousands of suppliers, the challenge grows massively.

There have been numerous instances where an organisation has been breached as a result of hackers finding a way in via third parties such as suppliers and contractors. Probably the most infamous example of a breach via a supply chain was when hackers breached US retail giant Target in 2013 by stealing credentials from a third-party heating company who were able to access Target’s networks and monitor its systems. The heating company fell victim to a spear phishing attack a few months before the main attack, in which the hackers installed malware onto the retailer’s point of sale systems, stealing customer credit card details and sending them to a compromised Target server before finally sending them overseas. The breach resulted in the theft of the credit and debit card details of up to 40 million consumers and has, so far, cost Target over $200 million.

Breaches via a supply chain can occur in many different ways. A supplier could inadvertently introduce malware into a network via a phishing email, or a vendor’s credentials could be stolen, allowing a hacker remote access to an enterprise with which the vendor works. This can then lead to the infiltration of an enterprise’s network via a trusted source.

Are supply chains the weakest link?

Hackers seeking to breach a large organisation will often do their homework and seek to take advantage of the organisation’s supply chain. Various methods such as social engineering will allow them to learn who their target does business with or who its suppliers are. Social media also allows them to learn who the best people are to approach or target with phishing emails.

If they are particularly determined they are likely to go through every part of the supply chain to find any vulnerability and, once they find one, they will then seek to exploit it. Once in, they can then cause trouble right along the chain.

Large organisations’ supply chains are made up of small or medium sized organisations which, due to their smaller sizes and budgets, are often considered to be the weakest links in the chain, with cybersecurity measures less likely to be as effective as those of larger organisations.

Forward-thinking supply chain operators, however, know that the most effective way of reducing risk is to support their suppliers and partners by providing tools and services that enable them to improve their security, rather than burdening them with endless questionnaires.


Reduce the threats by doing the basics

Organisations at the top end of a supply chain should encourage their suppliers to implement a cyber-aware culture. Adopting government schemes such as Cyber Essentials and educating employees at all levels will help to reduce the threat.

Good cyber hygiene should be encouraged: for example, avoiding suspicious-looking websites and never clicking links of which you are uncertain can help avoid many cyber dangers.

Proper awareness training can also help staff recognise the signs that an email might not be legitimate. By educating employees and members of a supply chain on how to spot a suspicious email, it’s possible to cut the likelihood of a successful phishing attack. Most of the time these emails are caught by an email service provider’s spam filters, but hackers are tenacious and are constantly finding ways to try and circumvent them. Many businesses and organisations have fallen victim to such attacks. We all receive spam emails - it’s a part of everyday life, so if in doubt, it is always best to refer a suspicious email to an organisation’s internal security team and not click on any links or attachments.

Ensuring that every organisation in a supply chain has well thought out policies and procedures in place, such as allowing users to access only what they require for their role, or not allowing personal devices or removable media to be plugged in, can help to protect against cyber-attack. Likewise, carrying out an audit of assets will help an organisation to keep track of what is part of its network and - more crucially - what isn’t. Supply chain partners should also be encouraged to keep their anti-virus and other security applications up to date. Finally, it’s important to ensure there is continued awareness of these practices in the same way that fire drills are carried out regularly.

The ‘It’ll never happen to me’ mentality needs to go

The belief that a cyber-attack will “never happen to me” is a surprisingly common reason for businesses not to invest properly in cybersecurity. Small businesses in particular are likely to believe this as they think that they’re too small to be noticed by cyber criminals. In reality, however, SMEs are actually targeted more often due to their appearance as a ‘soft target’ and as a potential way into a larger organisation’s supply chain. For this reason, large organisations should regularly assess the cybersecurity of their supply chain, and ensure that the necessary training, awareness and best practice cyber hygiene are in place to reduce the risk of a breach.
