New digital technologies are streamlining supply chains and bringing about efficiencies previously unthought of. Automation, robotics, mobile, wearables, and Internet of Things (IoT) are all now being introduced to lower costs and install supply chain as a growth enabler within organizations. General Electric has estimated that IoT alone will bring about a 1% improvement in productivity across its global manufacturing base, which translates to roughly $500 million in annual savings. There is also a greater onus on transparency with supply chain partners at most organizations, and the sharing of digital information down the chain improving processes exponentially.
However, while such technologies bring undoubted benefits, they are also leaving supply chains vulnerable to cyber threats, and these threats are not being dealt with to the degree that they should.
The cyber threat is constantly growing and evolving. According to Verizon's 2015 Data Breach Investigations Report, there were 2,122 confirmed data breaches in the previous year at organizations in 61 countries. These are just the instances that have been reported, many more are likely to have passed unreported. The entry routes for hackers are many, but the supply chain is a particularly vulnerable entrance point, with some estimating that up to 80% of breaches may originate there. When retailer Target was infiltrated, for example, losing roughly 110 million customers’ data and at least 40 million payment cards, the initial breach occurred through a connection established by one of its vendors, HVAC vendor Fazio Mechanical Services. Industrial control systems (ICS), which are used to monitor or control processes in industrial and manufacturing sectors, are increasingly being targeted by nefarious individuals seeking to manipulate or shut-down operations. In 2015, there were 295 recorded ICS cyber incidents in the US, up 20%.
Supply chains are particularly vulnerable to these kinds of threats because monitoring a supply chain from start to finish is incredibly difficult. Not enough companies have the kind of cyber defenses that can monitor their systems throughout the chain. There is a lack of standardization of security protocols across vendors and other partners, and supply chain leaders need to work with their vendors' to ensure appropriate cybersecurity measures are in place to prevent attackers finding a back route in. Security protocols must be standardized throughout the supply chain network and partners must be compelled to comply in their contracts.
Perhaps the most vulnerable component of the modern supply chain to cyber threats is new technology. In the 2015 Cyberthreat Defense Report, respondents cited mobile devices (smartphones and tablets) as IT security’s weakest link, but IoT and wearables are equally as vulnerable - if not more so. HP Fortify on Demand’s Internet of Things State of the Union Study revealed that 70% of the most commonly used IoT devices contain serious vulnerabilities. Security flaws built into embedded software code are difficult to detect, and the rush to bring out as many products as possible and ride the wave of the technology is leading manufacturers to forget about adequate protections and sacrifice proper security practices.
The ramifications of hacks are huge, to both supply chains and organizations as a whole, often costing millions. In order to ensure that you are not a victim, you have to work with your partners, your IT department, and ensure that all staff are properly trained to ensure best practices are followed and everyone is working collaboratively to defend the organization.