The implementation of thorough cyber security policies in the supply chain is becoming increasingly important as the industry continues to navigate ongoing challenges. The global supply chain is under considerable strain due to external factors like volatile weather, geopolitical tensions, and rapidly increasing customer demand. However, one of the biggest threats managers should be aware of is the considerable rise in cyber-attacks aimed at the supply chain.
The Verizon Data Breach Investigations Report, published in 2022, highlighted a dramatic rise in supply chain attacks which left 90% of industry leaders concerned. A survey conducted by Gartner revealed that only 21% of leaders believed their network was highly resilient. Less than a third of cyber security decision-makers said they were ‘very confident’ that they could respond appropriately to cyber attacks. As the threat of cyber attacks increases, supply chain managers must take the necessary steps to overcome them.
What is a Cyber-Attack?
A cyber attack is defined as any attempt to steal, expose, alter, disable, or destroy another’s assets via unauthorised access to computer systems. Cyber crimes can cover anything from theft and embezzlement to data hacking and destruction.
The most common type of cyber attack is a ransomware attack. This is when malicious software is used to restrict access to a computer system or data until the victim pays a ransom requested by the cybercriminal. A range of consequences can stem from such an attack. It can have a negative impact on daily operations as staff divert their attention to deal with the breach and introduce new measures to prevent future attacks. A cyber attack can have far more severe consequences and result in significant reputational damage for businesses.
Data from Check Point revealed that weekly cyber attacks had increased by 7% worldwide in the first quarter of 2023 compared to the same period in 2022. Of the businesses affected, 1 in 31 experienced ransomware attacks. In the UK alone, 11% of businesses and 8% of charities experience cybercrime in the last 12 months according to the government’s Cyber Security Breaches Survey.
In the same survey, it was revealed that there were 2.39 million instances of cybercrimes across all UK businesses in the same period. It’s estimated cybercrimes will cost businesses $10.5 trillion in 2025.
Cyber Security Breaches in the Supply Chain
A supply chain attack is a type of cyber attack that targets the weakest link of the supply chain. Attackers will often take advantage of the trust that suppliers place in third-party vendors and take advantage of vulnerabilities to tamper with manufacturing processes. This is typically done with the installation of malware which can lead to significant disruption.
The most recent example is the attack on the MOVEit file transfer programme. MOVEit is designed to transfer sensitive files safely and securely but the attack compromised the security of high-profile clients like BBC, Boots, and British Airways. A major consequence of this attack was the reputational damage to MOVEit as well as the financial losses suffered by affected organisations.
The attack on MOVEit should serve as a stark reminder for supply chain managers on the importance of enhanced cyber security and collaboration to match the evolving techniques used for cyber attacks.
Increasing Cyber Security in the Supply Chain
The National Cyber Security Centre issued fresh guidance in 2022 following the increase in supply chain attacks. NCSC Deputy Director for Government Cyber Resilience, Ian McCormack, addressed the concerns of leaders saying:
“With incidents on the rise, it is vital organisations work with their suppliers to identify supply chain risks and ensure appropriate security measures are in place. Our new guidance will help organisations put this into practice so they can access their supply chain’s security and gain confidence that they are working with suppliers securely.”
Ian McCormack via NCSC
The official guidance offered by the NCSC is as follows:
Stage One: Understanding – Establish why your business should have a stake in cyber security. Identify the key players in your organisation and have the right people in place to help improve cyber security in the supply chain.
Stage Two: Assessment – Determine the most critical aspects of your organisation that require the most protection.
Stage Three: Education – Ensure that each member of the team has a thorough understanding of the risk posed by supply chain attacks in the role they play in preventing that threat. They should also be aware of processes defined for the organisation.
Stage Four: Integration – Each contract should be subject to rigorous assessment once a new approach has been established. Steps should be taken to support partners who are experiencing a shortfall in managing cyber security risks.
Stage Five: Improvement – Be aware of evolving threats and adjust your practices accordingly. Collaborate with suppliers and use your awareness to raise concerns about potential weaknesses.
At KMsoft, we provide bespoke solutions to ease the strain on suppliers and allow them to effectively manage their supply chain to improve operational efficiency and dedicate time to other tasks, such as cyber security management. Our GS1 approved solution, StockAssist Industrial, offers a streamlined approach to managing inventory, helping you to improve efficiencies, productivity, and stock traceability across all storage locations.