FOCUS
SHIELDING The Supply Chains from Cyber Threats Supply chain attacks are mainly particularly pernicious since a single exploited supplier can result in attacks on hundreds of companies or organizations. For many firms, the supply chain is the weak link in their cybersecurity protocols. One can do all the right things to protect yourself from cybersecurity attacks, which also includes the adoption of a zero-trust approach to your network security, but if you don’t make sure your vendors are equally conscientious, you can be exposed to harm from a supply chain attack. Anil Kumar Pandey, PhD Candidate (Finance & Economics), National Institute of Industrial Engineering (NITIE), gives you a sneak peek into the ways to shield the vulnerable supply chains from the threats of cyberattacks.
H
ERE’S an astonishing statistic for you… “97% of firms have been negatively highly impacted by a cybersecurity breach or threat that looms largely on global supply chains and have gained traction and occurrence in their supply chain.” In conjunction to this, a leading global security company GreatHorn, stated, “It’s no longer enough to defend only your own organization’s attack surface. You also need to protect against phishing scams and network compromises within business partners up and down the supply chain.” This current year, according to A 2020 Global Insights Report survey, not only explores the scale of the challenge but also the amount and severity of supply chain breaches is mindboggling. It also tracks the way that different companies, industries, and regions are responding to a year of cyber crisis. The responses show a fractured landscape, with different industries and regions
36 CELERITY January - February 2022
responding differently to the challenges posed by another year of damaging, costly cyber events. Firms across all industries and across all over the globe have been investing largely in the cybersecurity. However, some firms still hesitate to have third-party cyber risk as a strategic priority and to coordinate and formalize their approach to cyber defense and to its remedy. Additionally, many firms struggle to assign the ownership of their third-party cyber risk program. Also, adversaries can now actively scan firms across the globe to identify the supply chain attack vectors that can aid significantly in the adverse cybersecurity events, including damaging data exfiltration and crippling ransomware attacks. Firms need to commit more to incorporating continuous monitoring and remediation into their third-party cyber risk program, as well as raise awareness at the senior executive and board level to help the business understand the
Anil Kumar Pandey is a Final year PhD Student at National Institute of Industrial Engineering Mumbai. He works in Supply Chain Finance and Working Capital Finance. Prior to this, he holds an MBA from Aligarh Muslim University (Supply Chain Management & Operations/Finance. He also holds a B. Tech in (Electronics & Instrumentation/ Control Engineering).
resources needed to protect the business. ENISA, regarded as the European Union Agency for Cybersecurity, monitors supply chain attacks on a day-to-day basis. They have further developed a taxonomy of supply chain attacks, which are vulnerable to the global supply chain that allows for the systematic analysis. The taxonomy is basically based on the four major fundamental elements of a supply chain attack: Attack technique used to compromise the supplier Supplier assets targeted Attack technique used to compromise the customer Customer assets targeted What is particularly interesting about this taxonomy is where it begins: While most focus – and certainly most news stories — about supply chain attacks focus on how, which and how many victims are attacked — there is
