From Our CEO
Supply Chain Cybercriminals Get Creative
By ASCM CEO Abe Eshkenazi, CSCP, CPA, CAE
As supply chains become longer, more dependent and extraordinarily complex, cybercriminals are finding alarmingly innovative ways to attack them — and these strikes often trickle down to business partners, processes, information technology (IT) and equipment. Taylor Armerding writes in a recent Forbes article that attackers are increasingly aiming to leverage the relationships among supply chain stakeholders in order to breach every facet of the primary victim’s network.
“A full understanding of the sources of a given information system can be extremely complex,” Gregory Wilshusen, director of information security for the Government Accountability Office, recently testified to U.S. Congress. “The identity of each product or service provider may not be visible to others in the supply chain.”
Furthermore, according to the 2019 Global Incident Response Threat Report from cybersecurity firm Carbon Black, a growing number of attackers are using counter-incident-response techniques, such as deactivating firewalls, disabling antivirus software or deleting logs.
Armerding admits that supply chain has been “a prime attack surface for years” — the disastrous incidents at Best Buy, Delta Airlines, Sears and Target being just a few examples. However, the internet of things and the swelling number of online access points today are making it ever more crucial for networks to advance their supply chain risk management (SCRM) initiatives radically and right away.
“That means knowing who is designing, manufacturing, building, delivering and supporting your enterprise IT capabilities,” Armerding advises.
Ahead of the curve
While there is no guaranteed way to prevent cyberattacks, a well-managed supply chain makes it a lot tougher for the aggressors to succeed. Whether an organization is facing cybercrime, extreme weather, resource scarcity or a health epidemic, becoming more resilient enables supply chain management professionals to overcome such disruptions.
With this kind of resilience in mind, ASCM has engaged a group of SCRM subject-matter experts in order to become the voice of record in supply chain risk and resilience. They will soon be launching a survey focused on the financial impacts of a risk event on both company and shareholder value, as well as how risk may increase or decrease as a result of adopting new technologies and what kind of returns on investment are observed. Stay tuned for key findings and insights from this initiative.
ASCM’s Risk Management Education Certificate is another way to cultivate effective SCRM strategies at your organization. This comprehensive, forward-looking program prepares you to protect your company while balancing decision-making risks and rewards. The certificate is composed of risk-management basics; assessments; governance, risk and compliance; and more. You may earn certificate hours through several different ASCM seminars and at ASCM 2019 later this year in Las Vegas. I encourage you to take this essential first step toward safeguarding your company and its valued partners.