2023 Supply Chain Insights: Part 2: Cybersecurity in the spotlight


A cyberattack on a supplier or other member of the supply chain can compromise sensitive information, disrupt operations, and lead to significant financial losses impacting all parties in the chain. – Mark Brown, Global Managing Director, Digital Trust Consulting, BSI

BSI’s recent Supply Chain Risk Insights Report reflects on the global impacts surrounding supply chain cyber vulnerability and ransomware risks, price inflation, labor issues, and recent legislation requirements. In part one of our report series, BSI Security and Resilience Practice Director Tony Pelli examines the benefits of diversification to reduce risks within your supply chain. Now, in part two, we uncover why addressing the increase in cyberattacks on the digital supply chain must become a top priority for organizations.

Digital supply chain in focus

The digital supply chain refers to the interconnected network of systems and devices that are used to manage and track the flow of goods, services, and information in an organization. These systems and devices include everything from enterprise resource planning (ERP) systems and internet of things (IoT) devices to cloud-based services and mobile applications. The increasing use of these technologies in the supply chain has led to a rise in the number of potential vulnerabilities that can be exploited by cybercriminals.

Cyberattacks on the digital supply chain

The increase in cyberattacks on the digital supply chain poses a significant risk to the security and integrity of the entire supply chain. The increasing interconnectivity of the digital supply chain means that a single point of failure or vulnerability can trigger a cascading effect across the entire network, and indeed across a supply chain ecosystem. A cyberattack on a supplier or other member of the supply chain can compromise sensitive information, disrupt operations, and lead to significant financial losses impacting all parties in the chain.

According to BSI’s intelligence analysts, 2022 saw a notable increase in the frequency and sophistication of digital supply chain attacks. Take the SolarWinds and Colonial Pipeline Co. attacks, for example. Cybercriminals are targeting an already stressed supply chain, and cargo thieves are targeting higher-value goods, whether based on demand (food and beverage products, for example) or on shortages (electronic goods, for example).

As a result, organizations need to urgently address their digital risks, recognizing that in many cases the simplest way to breach physical defenses is through technology, and the simplest way to breach technological defenses is through physical attack.

The rationale behind supply chain cyberattacks is a key factor worth remembering. The increase in ransomware attacks targeting the supply chain is significant, as the perpetrators know they are likely to be paid a ransom, given the significant and often instantaneous impact an attack has. It is not just a single organization that is affected; it is a whole ecosystem of companies within that supply chain. This makes it more likely that the targeted company will pay the ransom to quickly resolve the issue.

Keeping up with an uncertain market

In the last year, it seems the supply chain cannot keep up with an uncertain, fast-changing market. The unbalanced supply and demand between countries has driven product shortages and delays, and has made cargo susceptible to tampering and theft. In turn, from a macroeconomic perspective, this surge in demand, complicated further by government policies and extraneous events like geopolitical conflict, is causing added unheralded inflationary pressures.

This is driving unrest in the supply chain through issues such as inventory and stock shortages, as we have seen with the US warehouse, or greater labor unrest, as seen with the labor strikes across the globe. The impact of strikes is further exacerbated by the rising cost of living and the loss of purchasing power for basic goods like food, fuel, and shelter, creating a spiraling impact of inflationary pressures on society and the supply chain.

Protecting the digital supply chain

Organizations are advised to take the following steps to protect their digital supply chains from cyberattacks:

  • Implement robust security measures such as encryption, firewalls, and intrusion detection and prevention systems.
  • Regularly monitor and update systems and software to address vulnerabilities.
  • Secure new technologies that are easily accessible via remote channels.
  • Conduct regular risk assessments and implement incident response and continuity plans to be prepared in case of a cyberattack.

The digital supply chain is a prime target for cybercriminals, and it is now critical for organizations to keep a close eye on this, to help lead us towards a more sustainable future. A mantra for business continuity is “fail to prepare, prepare to fail.” The levels of digitization of society and the supply chain make this mantra applicable to how the digital supply chain needs to be managed. If as an organization you wait for things to go wrong, they inevitably will, and the resilience to the impacts will be significant. Proactive and continuous management of risks is now fundamental to ensure that the digital supply chain does not become the #1 risk to organizational business continuity and smooth operation.

In part three of our series, Jim Yarbrough, Practice Director, Supply Chain, BSI, walks through processes to implement within your organization’s supply chain to help ease the pressures of global uncertainty.
