Scared about supply chain cybersecurity? 5 reasons you aren’t scared enough – Part 1

Many organisations and supply chain experts are concerned about cyber security. The risks stemming from supply chain cyber threats are real. In fact, the danger is more frightening and potentially harmful than we realise. Here’s why.

Assessing cyber supply chain security vulnerabilities

Experts on cybersecurity and supply chain management (SCM) like to draw attention to the fact that operating systems are only as strong as their “weakest link.” The “weakest link” argument is evoked with good reason when discussing risk management, says Katherine Barrios, chief marketing officer at Xeneta.

It does not matter how strong your network security is — if there is fragility within it, that’s all that matters, that’s all it takes. Whether the vulnerability stems from poor internal security control or external danger, a compromised link can put the entire global supply chain at risk.

The vulnerability of the supply chain in the midst of the biggest cyber security breach to hit the shipping industry – the breach on Danish maritime giant AP Moller-Maersk’s information technology systems in June 2017 – is nerve-racking, to say the least. The breach is still causing the international shipping industry to reel.

One ransomware attack (a variant of “Petya,” originating from a malicious Ukrainian software update, plus phishing emails) resulted in near-catastrophic failure of global supply chain systems. Terminals in the ports of New York, New Jersey, Miami, Los Angeles and Rotterdam were closed. Terminals operated by Maersk Line, such as the Jawaharlal Nehru Port Trust near Mumbai, India’s biggest container port, couldn’t load or unload because they were unable to track the origins of shipments.

The Port of Gothenburg and many other ports reverted to manual processing for several hours. A freeze on deliveries at the South Florida Container Terminal caused retailers’ orders (including some critical goods) to be delayed.

The backlog of containers continues. Reputational impact on Maersk is high. The financial loss from disrupted production and deliveries of goods to customers in several countries for many companies is too costly to enumerate at this point.

Given that 90% of world trade is transported by sea, and that Maersk runs close to 600 container vessels and 25% of containers shipped to and from Asia and Europe (Jacob Gronholt-Pedersen, “Maersk says global IT breakdown caused by cyber attack,” Reuters.com), the impact from such a digital disruption in the communication systems of an increasingly interdependent and complex supply chain is far-reaching (Reuters, “Global shipping giant Maersk is reeling from the ransomware fallout,” Fortune).

“Not to overstate it, but there’s a lot of truth to the idea that networked models of security ‘are only as strong as the weakest link,’” writes Paul Martyn (“Risky business: Cybersecurity and supply chain management,” Forbes). “And because big business will continue to outsource and pursue new markets of customers and supply, the scope of the problem is exploding.”

In almost every industry, companies are more dependent than ever upon suppliers, intermediaries, cloud-based communication systems, third-party service providers and vendors in the supply chain network. “The demand for constant online communication creates enormous opportunities for hackers to exploit weak vendor security practices as a point of entry into their ultimate target,” added Steve Bridges, senior vice president of JLT Speciality, an insurance brokerage firm focusing on cyber insurance (Martyn, “Risky Business”).

It was through one of Target’s vendors – an HVAC company – that a hacker was able to infiltrate the system in 2013, causing “the nightmare before Christmas” for the retailer and its customers: stolen credit card and debit card information of up to 70 million people (Maggie McGrath, “Target data breach spilled info on as many as 70 million customers,” Forbes).

The role and risk of vendors in security lapses in the supply chain were further highlighted by the recent data breach at Verizon, the US’s largest wireless communications carrier. Verizon had been employing Israeli-based telephonic software and data firm NICE Systems to carry out customer service analytics. The incident was discovered in late June 2017.

An employee from NICE Systems had left the data of millions of customers exposed on an unsecured Amazon server for the previous six months. (Todd Haselton, “Verizon responds to breach that affected millions of customer accounts,” CNBC.)

Both buyer and vendor face potential disaster in the supply chain ecosystem. A weighty burden has been placed on buyers to ensure extreme thresholds of security from all vendor partners. In turn, vendors are at constant risk of legal liability from customers should a security problem be traceable to them. (Martyn, “Risky Business.”)

Part 2 continues tomorrow….

The author of this blog is Katherine Barrios, chief marketing officer at Xeneta
