Hackers swirling in on supply chain vulnerabilities, breaches increase

Procurement teams which have been accelerating adoption of digitalization since the pandemic are also dramatically changing their risk profiles.

Many organisations add layers of defence, which can make the process of defending against the continued onslaught of more and more cyber attacks difficult.

Reports suggest the supply chain and transportation industries are behind the eight ball when it comes to system security – compounded by delays facing the movement of goods.

A staggering 93% of firms globally admit they have suffered a direct cybersecurity breach because of weaknesses in their supply chains, research from cloud-based cyber defence company BlueVoyant revealed.

The research says firms are struggling to effectively monitor third-party cyber risks; the average number of breaches has increased 37% year-over-year.

In the US, Supply & Demand Chain Executive reports that cybersecurity is at a tipping point due to pandemic-related challenges, poor managerial oversight and more sophisticated hacking methods. 

“With companies digitizing more supply chain processes to keep up with the increasing pace of the movement of goods, each digital link provides another entry point for hackers to take down an entire system,” Rizwan Virani from Alliant Cybersecurity told the publication. 

Since the commencement of the war in Ukraine, the Australian Cyber Security Centre (ACSC) has warned Australian businesses to ‘urgently adopt an enhanced cybersecurity posture’ to protect themselves against targeted Russian cybercriminal activity (IT Brief.)

Hackett’s 2022 Key Issues study placed reducing supply risk to ensure supply continuity as the top priority for procurement professionals. 

“Enhancing business resilience and minimizing the impact of supply disruption to protect revenue and profitability have become the top priority for the first time in our annual Key Issues Study. We expect procurement organizations will continue to enhance visibility,  agility and capability,” the report says. 

Hackett’s research found cybersecurity risk remained at a very high level compared to 2021, 60 per cent of executives surveyed expect the threat of an attack to increase in 2022. 

Gartner suggests cybercriminals are looking to the digital supply chain as it “can provide a high return on investment.” “Gartner predicts that by 2025, 45% of organizations worldwide will have experienced attacks on their software supply chains, a three-fold increase from 2021,” the organisation said. 

Gartner says Digital supply chain risks demand new mitigation approaches. “Involve more deliberate risk-based vendor/partner segmentation and scoring, requests for evidence of security controls and secure best practices, a shift to resilience-based thinking and efforts to get ahead of forthcoming regulations,” the organisation’s Top Security and Risk Management Trends for 2022 found. 

Cyber Security Connect quotes key steps procurement professionals can consider to combat cyber security risks. 

These include: 

• Knowing who your suppliers are – perform an audit
• Triage the list – determine what access suppliers may have to your systems.
• Ask the assessment questions and get evidence from suppliers
• Interpret results with an eagle eye