Imagine being at work like any other day, but you suddenly discover that hackers have infiltrated your network. Worse yet, they’re demanding millions in ransom before they’ll release your systems.
As operations everywhere continue to get smarter, they also confront new and mounting risks. In The Economist Intelligence Unit’s Resilient Supply Chain Benchmark, commissioned by ASCM, cyberattacks were cited as a dominant threat by 46% of respondents and were the top concern for professionals in the consumer electronics sector. In fact, ransomware attacks are up 400% compared to pre-pandemic levels. There were 143 incidents and nearly 1.1 million records breached worldwide in April alone. All told, experts predict cyberattacks to cost organizations $6 trillion this year.
The most recent attack happened this past weekend, when JBS Foods, one of the world’s largest international meat processors, was forced to take systems offline and halt work throughout its Australian and North American facilities. Of course, the longer JBS’s operations are interrupted, the greater the impact will be on the global meat supply chain.
Consider the Colonial Pipeline ransomware attack we experienced just a few weeks ago. A group of cybercriminals forced the shutdown of a pipeline that transports more than 100 million gallons of gasoline daily from Houston to the New York Harbor — about 45% of the East Coast’s fuel. As with any supply chain disruption, a weakness at one point has far-reaching ripple effects: The attack caused not only a five-day shutdown of pipeline operations, but also climbing gas prices and lines at the pump that went on for hours. Although government and industry officials assured consumers there was plenty of fuel, panic buying caused fuel shortages in 11 states.
“At least 12,000 gas stations reported being completely empty,” The Washington Post reports. “The panic was so contagious that gas stations in central Florida, an area not supplied by the Colonial pipeline, were also running out.”
Things are back to normal now, but NPR Investigative Correspondent Dina Temple-Raston warns that normal is not necessarily the end of it. Many cyberattacks have a backdoor feature, which means that the malicious code can stay hidden and then strike again when network owners relax.
Interestingly, our interconnectedness also means supply chain partners can inadvertently expose each other to cyberattacks. According to an article in Wired, “By compromising a single supplier, spies or saboteurs can hijack its distribution systems to turn any application they sell, any software update they push out, even the physical equipment they ship to customers, into Trojan horses.”
For instance, in the SolarWinds supply chain attack in December 2020, Russian cybercriminals now known as Nobelium hacked the software firm and planted malicious code in its information technology (IT) management tool, Orion. This gave them access to as many as 18,000 networks, including NASA, the U.S. State Department, the U.S. Department of Defense and the U.S. Department of Justice. The criminals didn’t have to hack into these offices directly; they just had to find a weak spot in their supply chain IT.
Protect your networks
“Cybersecurity is one of the biggest threats to maintaining a functional supply chain,” ASCM Editor-in-Chief Elizabeth Rennie writes in the latest issue of SCM Now magazine. “This kind of attack puts organizations — and their customers — at serious risk of privacy breaches, identity theft and worse.”
She goes on to say that companies must collaborate with their suppliers in order to identify where they touch your systems; how; and if they are continuously performing high-quality, high-standard threat assessments. Read Rennie’s article here; then, keep reading the wealth of award-winning ASCM content in our magazine and blog. These key member benefits offer valuable, proven strategies to help you prepare for sudden shocks within your supply chain, identify critical gaps, take effective action and achieve a much more resilient future.