Dive Brief:
- Cyber attacks are getting more complex, disruptive and frequent, according to Symantec's annual "Internet Security Threat Report" and Dark Reading's subsequent coverage of the report.
- Attackers are now hijacking software updates as an entry point to target networks upstream in the supply chain. Nyetya, a global attack costing FedEx and Maersk millions, started this way. Such attacks rose 200% in frequency from 2016 to 2017, according to Symantec.
- The rise in supply chain threats reveals a trend: malicious agents are starting small, dwelling within systems for years and striking unnoticed at a later date. Symantec notes 71% of attacks in 2017 began with spear phishing. Mobile malware variants were up 54% year-over-year, while IoT attacks rose 600%.
Dive Insight:
Chilling. We can’t stop suppliers from "back door" selling, or stop maverick spend from renegade requisitioners with a credit card and a search engine. But now we have to work to prevent cyber attacks, not only in our own organization, but also throughout the supply chain.
Yikes. Where is Batman when we really need him?
In the past couple of years we’ve reluctantly added cyber security into our supply chain risk profile. Sure, we’d seen some internal network disruptions due to a virus or two, or read about ransomware attacks that impacted other companies and their supply chains, but not ours. But things are getting more complicated, and fast.
We've come to learn the hard lesson that social media is really not that social, and it is being used in nefarious ways. When I access Facebook at work — purely to look at my suppliers' social media strategy, by the way (ahem) — I see far too many of my colleagues "active" on chat.
But seriously, due to the latest privacy breach, I also have logged out of Facebook at home and at work, with a goal of full deletion. It seems to be an easy way in for some bad actors and I don’t want to be complicit. I just don't care that my old high school friend, whom I have not seen in many a decade, has mastered his favorite shrimp dish.
So what’s a buyer to do? In an era of IoT, digital buyer-seller relationships, and robotic process automation, our vulnerabilities to cyber damage are increasing. We may have the cyber tools and protection on our networks, but do our suppliers? And theirs? Oh, and theirs?
I am not going down the road that is easily traveled, insinuating that all cyber threats emanate from low cost sourcing countries. They don’t. And while television suggests bad cyber actors come from former Eastern Bloc countries, that’s not the case. They can come from anywhere.
So add cyber security as a worry that keeps you up at night. Speak to your suppliers, some of whom are sadly still running Windows 95, or even Vista. And while you are at it, check the anti-virus software on your home computer. Something tells me that you have been clicking ‘remind me later’ when it is asking to update your system with the latest security patch. Sadly, I do as well.