• Saturday, December 02, 2023
businessday logo


Addressing cybersecurity as a supply chain issue

Addressing cybersecurity as a supply chain issue

Supply chain systems are becoming increasingly susceptible to cybersecurity breaches. According to a report published on HelpNet Security, a foremost publication focused on cybersecurity reportage, more than 10 million people were impacted by supply chain attacks targeting 1,743 business entities in 2022 alone. This data breach differs from another 70 malware-based cyber attacks on supply chain systems that affected 4.3 million people in 2022 alone.

Given the far-reaching consequences of cyber and malware-based attacks targeted at supply chain systems, it is pertinent for organizations to begin incorporating cybersecurity as an integral part of their overall supply chain system.

Indeed, business executives are aware of supply chain resilience’s importance.

According to a McKinsey survey of supply chain executives, 93 percent revealed that they are taking steps to make their supply chain systems more resilient. And yet, Gartner reports that just 21 percent of supply chain leaders believe their networks are “highly resilient.”

To significantly fortify their supply chain systems against cyber-attacks, companies must implement a comprehensive cybersecurity awareness solution, and they must do this by working with their business partners. Given that the three most common cybersecurity risks affecting supply chain companies include data leaks, data breaches, and malware attacks, companies need to incorporate strategies that protect against leaks of sensitive data, breaches of personal information, and malware attacks that are nefariously delivered and installed on supply chain end-user systems and servers.

Data leaks damage a brand’s reputation, cause customer losses, damage, and corrupt company databases, create legal and compliance consequences

Following a report that over 422 million people were compromised in supply chain attacks in 2022 alone, I bet cybersecurity attacks are an issue your company should take seriously. In the rest of this article, I will outline practical ways companies can protect their supply chain against cybersecurity attacks in the mould of data leaks, data breaches, and malware attacks.

Protecting your supply chain against cybersecurity breaches

1. Guiding your company against data breaches

Data breaches constitute one-third of all cybersecurity breaches. According to HelpNet, in the period July 2021 to June 2022, nearly 45 percent of all data stolen came from personal employees or customers. Companies’ source code and proprietary data also accounted for 6.7 percent and 5.6 percent of all data stolen within the period, respectively.

Imperva, a leading cybersecurity company, has identified six of the most common oversights enabling data breaches. They include a lack of multi-factor authentication, limited visibility of all data repositories, poor company password policies, mis-configured data infrastructures, limited vulnerability protection, and not learning from past data breaches.

i) Improving multi-factor authentication: To guide against data breaches, your company must improve its Multi-Factor Authentication (MFA) process. MFA is a multi-step account login process that requires users to enter more information than just a password. Supply chain companies must, therefore, implement login processes that go beyond the imputation of a password. A credible MFA system makes it harder for a cyber-hacker to use stolen credentials to access sensitive information.

ii) Scaling-up visibility into data repositories: The longer the length of your company’s supply chain, the more data your company will handle. And this is where effective data management comes in. Otherwise, you will allow cyber hackers to breach your data. Effective data management procedures include centralized data management, seamless data analysis, and operationalizing scalable data repository systems. Some credible data repository systems include Amazon S3, Microsoft Azure Blob Storage, Google Cloud Storage, Snowflake, and Apache Hadoop Distributed File System.

iii) Implementing strong password policies – Your company must conduct routine employee training sessions on password security. The critical aspects of a strong password include extended length, a unique mix of uppercase and lowercase letters, inclusion of number symbols, no ties to a person’s personal information, and no dictionary words.

2. Protecting your company against data leaks

A data leak differs from a data breach. While a data breach is when sensitive information is accessed, stolen, or used without authorization, a data leak is when sensitive information is negligently disclosed or exposed, often due to a mistake or personal oversight.

From the given definition, we can observe that third-party cyber hackers cause data breaches, while the careless actions of employees or other insiders working within an organization cause data leaks.

Data leaks damage a brand’s reputation, cause customer losses, damage, and corrupt company databases, create legal and compliance consequences, lead to loss of private information, create identity theft, and cause many other operational setbacks. Little wonder that IBM and the Ponemon Institute revealed in 2020 that the average cost of a data breach worldwide, including data leaks, runs into more than $3.86 million.

This Forbes report has outlined a few measures to protect your company against data leaks. Some of these include limiting access to your company’s data access; improving your company’s general security by implementing more robust architectural data systems like firewalls, VPNs, traffic monitoring and restriction systems, and routine updates to your cyber systems; training your employees to follow best practices for data security; establishing protocols and hierarchies to address common cybersecurity threats. You must also conduct routine audits to evaluate your company’s data security activities.

Read also: Cybersecurity – managing risks in the information age

3. Fighting off malware-related attacks targeted at your company

Globally, 30,000 websites are hacked daily, while 300,000 pieces of malware are created daily. It doesn’t end there. Approximately 2,244 malware attacks happen on the internet daily, and new malware attacks occur every 39 seconds.

To fight off malware-related attacks targeted at your supply chain, you can do the following: keep all company systems, software, and applications up-to-date at all times; make email monitoring a top priority; put constructive web or URL filters into play; educate your customers on the risks and warning signs of malware attacks targeted at your company. Add firewalls and other filtration systems into your system; and encrypt critical files and folders.

In conclusion

Cybersecurity challenges against supply chain systems can become a thing of the past if companies are willing to do the sisyphean task of protecting their supply chain against data leaks, data breaches, and malware attacks. And why shouldn’t they? Because the economic consequences of cybersecurity attacks are unwarranted.