Supply Chain Challenges in the Shadow of Digital Threats

Originally published by HCL Technologies here.

Written by Andy Packham, SVP & Chief Architect, HCL Microsoft Business Unit.

In a monumental move toward greater organizational safety, the US government’s recent Cybersecurity Executive Order marks a major paradigm shift in the battle against digital threats. It not only indicates the critical importance of cybersecurity for organizational and national security, but is an essential step toward safeguarding critical enterprises and infrastructure in an increasingly dangerous digital landscape.

By deploying a standardized playbook for federal response to cyber incidents, this order will allow the government to upgrade and secure cloud services and other cyber infrastructure. The establishment of a “Cybersecurity Safety Review Board”, comprising of public and private sector officials, will ensure a multifaceted analysis of cyberattacks and provide recommendations in a timely manner. Furthermore, the order fosters a spirit of cooperation and data-sharing within the government and external corporate entities for a wider, end-to-end detection and response system.

As the order slowly makes itself felt across the cybersecurity ecosystem, companies will see the benefits unfold in a significant manner, driving secure enterprise operations to become a key differentiator. Some of these benefits include more secure software design and resilient supply chains, along with a greater emphasis on easy-to-secure digital technologies (cloud, MFA everywhere, incident tracking, SaaS etc.).

With a greater focus on developing standardized requirements with government and business collaboration, we can expect to see more returns from security investments – a winning prospect that simply cannot be ignored. However, this is merely the first step on a long journey to build resilient supply chains under the shadow of digital threats.

Securing our Supply Chains – The Need and the Challenges

The Colonial Pipeline and JBS incidents are only the latest examples of criminal organizations exploiting vulnerabilities in cybersecurity to gain access to critical data and communications; to cause catastrophic damage to global supply chains. Already facing disruption due to the global pandemic and seeing increases in digital ops, supply chains were ripe for the picking – allowing opportunistic cyber criminals to exploit system vulnerabilities that lead to a crippling fallout. With these threats remaining ever present and growing increasingly complex in the age of global interconnectivity - a radical change was not only necessary but critical in securing the future.

While industries are building veritable cybersecurity fortresses to protect their data, the vulnerabilities across the supply chains remain at risk. From manufacturers, to partners, service providers and suppliers – these critical touchpoints are the most susceptible, with over 80% of all recorded security breaches occurring at some point in the supply-chain network. A lack of governance and control over these individual sections of the supply chain contribute heavily to this state of affairs, and cyber criminals are constantly monitoring these areas for weaknesses to exploit.

The supply chain is only as strong as its weakest link. With this in mind, various industries face their own unique challenges when it comes to ensuring supply chain cybersecurity for their assets, particularly in the wake of the COVID-19 pandemic –

Retail

Malware, ransomware, phishing attacks, and other cyber threats have been the bane of the retail industry for many years. As the digital expansion continues to grow in the wake of expanded remote operations, the financial and personal information that retailers have always dealt with, have become a tempting target for cyber criminals. With online purchases on the rise, and the flow of data for retailers increased dramatically, an information leak could cause irreparable harm to the brand reputation of any respectable retail outlet. This sudden change in network topology, therefore, has been one of the greatest challenges faced by the industry.

Energy and Natural Resources (Oil & Gas)

The recent colonial pipeline hack has been a sobering wake up call for the energy and natural resources sector. The sheer vulnerability of critical infrastructure has been laid bare, and even led to government initiatives on regulating cybersecurity for the same. The intense pressure to integrate with the digital revolution in recent years has also opened it up to a whole new threat intelligence landscape. The tools that were used to help the industry run efficiently through remote operations are vulnerable enough to be exploited by cyber criminals. Malware and IT/OT integrations continue to be top risks for the industry as it tries to build a secure foothold on the digital frontier.

Healthcare and Life Sciences

Striving to keep pace with the increased global demands brought by COVID-19, the healthcare sector supply chains have been more taxed than ever before in recent years. This overextended and high-risk supply chain in particular requires multiple layers of security to stave off cybercriminals that can cause cargo theft, temperature malfunctions, counterfeiting, and other crippling risks. Logistical issues in particular, fostered by increasingly complex supply chains and a growing number of exchange points have opened up multiple end-points ripe for exploitation. An industry that is more time-sensitive than most with truly life-or-death consequences, maintaining cybersecurity hygiene across endpoints and third party contractors is the greatest challenge.

Manufacturing

For the manufacturing sector, a spate of new techniques and tactics utilized by cyber criminals have ravaged the industry. As per a 2020 report, this sector is one of the most targeted industries for malicious browser breaches, comprising of over 38.6% of all global attacks. Phishing-based attacks are the largest risk for the manufacturing sector and when paired with a lack of security awareness and employee negligence, the threat only doubles in size and scope. Monitoring these threats across shadow IT devices and all endpoints is a great challenge for the industry

Supply chain resilience will continue to be the need of the hour as long as they continue to evolve and grow more complex. But as long as we are focused on enhancing security operations and ready to develop new solutions to address these needs, with leaders willing to implement the same – the sinister shadow of cybercrime will no longer be the menace.