Dive Brief:
- The abundance of mobile and connected devices in the supply chain has created an opening for hackers to target operations, Supply Chain Brain reports. As a result, industry experts are debating the most practical methods to alleviate cyber risk.
- American Shipper reports a cultural disconnect exists in addressing cybersecurity. Companies that consider cybersecurity measures an investment in safety, rather than an expense, have a competitive advantage. Rigorous policies to maintain system updates and preventive measures may build resilience.
- But cybersecurity also depends on human resources, as shown by the recent Nyetya attack. The BBC reports carriers' ever-changing crews may lead to a poor understanding of the cyber risks brought by personal devices, creating openings for hackers. Staff training is therefore essential to secure operations.
Dive Insight:
Neither confusion, a sense of being overwhelmed, nor cost can justify a lack of cybersecurity in our current connected environment.
That cybersecurity is a necessary investment is a non-negotiable reality. For companies hesitant to spend the money to enlist expert support, the realization that insufficient protection could ultimately cost even more may serve as motivation. During the WannaCry attack, for example, French carmaker Renault lost four days of production. Four days is a long time within a supply chain — can the cost of protection possibly have equaled the time lost and the business disrupted?
Now, with Nyetya fresh in mind, freight industry stakeholders are beginning to act as well. The Baltic and International Maritime Council (BIMCO) released a new version of its Guidelines for Cyber Security Onboard Ships manual. Clearly motivated by the damage done to Maersk and others, the guide seeks to highlight the importance of insurance and the effective segregation of cyber networks in order to assist in repelling full system corruption.
Outside of shipping, there are numerous solutions for advancing security within the supply chain. Educating suppliers on risk and its avoidance is one method, but it's not enough to simply educate: compliance standards must be established and confirmed as well. However, the jury is still out regarding best practices to protect a company from cyber risk, beyond constant vigilance, updates and well-thought-out resilience policies.
Recent attacks have revealed a truth: doing business with an insufficiently protected supplier puts the whole chain at risk, and building protection standards into business contracts can go a long way toward ensuring security down the line.