News

Planning, Prep And Mitigation: Minimise Cyber Security Risk In Your Supply Chain

cyber crime data

The threat that cyber security breaches pose to organisations only grows each year. In fact, our most recent data at Resilinc shows that cyber attacks were the eighth most reported disruption in H1 2023 – a continued challenge for project managers. Just recently we’ve witnessed London City Airport, Birmingham Airport and even UK electoral registers targeted in an attempt to steal personal data and incapacitate services, facilities or infrastructure.

These attacks have far-reaching consequences, ranging from financial losses to reputational damage. To mitigate these risks, organisations must invest in cyber security resources, adopt proactive security measures, and foster collaboration within the supply chain.

This article will highlight how businesses can take precautionary steps to prevent damage caused by cyber attacks and how to mitigate breaches should they occur.

Pre-incident planning: highlighting supplier vulnerability

Keeping track of which of your service providers and partners are particularly at risk of cyber breaches will help to ensure your own organisation’s safety. The overwhelming majority of organisations use IoT technology within their day-to-day operations, whether it’s for finding stored goods, tracking materials and services, or in more general telecommunications. This means there are now numerous ways in which breaches can disable your supply chain across any of the layers within IoT, whether it’s via the perception layer, network layer, processing layer or application layer.

The UK Government’s 2023 Cyber Security Breaches survey found that smaller organisations are identifying cyber attacks less than last year, and they may not be carrying out sufficient levels of monitoring or logging breaches.

Transparent communication between you and your partners is the first step to minimising your cyber risk. This can be achieved by first identifying and mapping who is in your supply chain down multiple tiers. Once you know who is in your supply chain, you can conduct supplier cyber security risk assessments and track relevant certifications amongst the businesses you work with down the sub-tiers of your supply chain. Quantifying which of your service providers and partners have robust management capabilities versus those that do not is critical.

Then you have the ability to monitor (24/7) all of your suppliers for any potential breaches or cyber security risk events. Through mapping and monitoring your supply chain, your organisation will be able to work to fix shortfalls, find vendors with more robust processes in place and mitigate risk through joint plans with other partners. Tracking progress is fundamental to ensuring the best security capabilities are in place: remember, communication is key to fixing supplier vulnerability!

Active incident preparation: crucial to damage limitation 

Though pre-incident planning is integral to reducing risk, cyber breaches remain an inseparable threat when using IoT and other digital technologies. In fact, spending on IoT cybersecurity solutions is set to reach over $6Bn by 2023 so this is clearly an area of growing concern for businesses today.

But the Cyber Security Breaches survey from the UK Government also revealed that 32% of businesses recall a cyber breach or attack from the last 12 months, and this figure rises for medium businesses (59%) and large businesses (69%).

This highlights that businesses have not yet stepped up their cyber monitoring capabilities enough to reduce cyber risk to sufficient levels. Consequently, nearly 90% of technology professionals detected significant risks to their software supply chain in 2022.

In the event a cyber breach does occur, you must take immediate action to contain and mitigate the damage. Such measures can include changing system passcodes, removing access to IoT services from parties that could also be impacted and notifying staff and partners so they can stay alert. Half the battle for project managers could be won simply through working closely with stakeholders.

Next, businesses should assess the impact of the cyber breach by quantifying the impact on data sets, systems and financials. Not only will this make fixing the issues easier, but this is important information that can be documented to prevent similar breaches in future. Leading on from quantifying the impact, project managers should then ensure the breach of any impact is managed. This means communicating with partners and those offering services to ensure the restoration of secure access and reliability within data sets and systems.

Strengthening processes to withstand future attacks 

Improving your processes should be a top priority for project managers across all sectors that are looking to strengthen their supply chains. Whilst data from our disruption-sensing EventWatchAI solution shows that there were fewer cyber attacks in Q1 2023 than in Q1 2022, our more recent data on reported cyber attacks highlights that disruptions actually increased by 24% globally in H1 2023 compared to H1 2022. Not to mention ongoing labour shortages within the cyber security and IT industries which have only worsened this issue.

You can also minimise the chance of a breach occurring through better staff training which provides clear objectives and procedures to follow. A significant proportion of the breaches that do occur happen through human error, so going forwards project managers should be providing appropriate training which is essential to any working environment in 2023.

By employing both pre-incident and active incident preparation strategies, project managers will be best placed to defend their business’ supply chains. Effective communication amongst staff, service providers and partners is one of the best ways of minimising cyber risk and in preparing for any breaches that do occur. Project managers should therefore look to implement a supply chain mapping and monitoring solution that identifies weaknesses in cyber preparedness as well as a mitigation process in the event of a breach.

About the author

Bindiya Vakil is the CEO and founder of Resilinc and is an award-winning expert in supply chain risk management. Crowned Supply & Demand Chain Executive’s inaugural Woman of the Year in 2020, Bindiya’s career spans 20 years. She holds a master’s degree in supply chain management from MIT and an MBA in Finance. Bindiya continues to lead the market in risk intelligence and mitigation and is credited with bringing supply chain risk management into the mainstream. For more information visit https://www.resilinc.com.

About Resilinc

Resilinc is the leading global supply chain mapping and monitoring solution with 95% of the global supply chain mapped across the industries they serve – the greatest depth of data of any company in their field.

Working alongside companies such as Ericsson, GSK, Magneti Marelli and Sellafield Ltd, Resilinc’s innovative supply chain technology has forged the gold standard of supply chain resiliency worldwide with unmatched scope and success. Resilinc protects its customers and their revenue and turns risks into opportunities to gain competitive advantage. For more information visit www.resilinc.com.

Bindiya Vakil
Related News
Related sized article featured image

Transport Secretary Heidi Alexander has launched the consultation to ask for views from industry.

Claudia Savage and Neil Lancefield
Related sized article featured image

Public fury swelled yet again at water companies’ worsening records on sewage as firms announced steep hikes to consumer bills.

Alex Daniel