UK supermarket supply chains hit by cyber attack on Blue Yonder
Services may again be operational, but a cyber attack against US-based supply chain SaaS provider ...
EXPD: 'NO-LAYOFF POLICY' EXPD: LEGAL RISK FWRD: REACTIONWTC: BOLT-ON DEALDSV: BLACKROCK HOLDING UPDATEAMZN: TOP PICKDSV: MORE OF THE SAME GXO: DOWN EXPD: IN THE DOCKAAPL: CHINA WOESFDX: ABOUT USPS PRIVATISATIONFDX: CCO VIEWFDX: LOWER GUIDANCE FDX: DISRUPTING AIR FREIGHTFDX: FOCUS ON KEY VERTICAL
EXPD: 'NO-LAYOFF POLICY' EXPD: LEGAL RISK FWRD: REACTIONWTC: BOLT-ON DEALDSV: BLACKROCK HOLDING UPDATEAMZN: TOP PICKDSV: MORE OF THE SAME GXO: DOWN EXPD: IN THE DOCKAAPL: CHINA WOESFDX: ABOUT USPS PRIVATISATIONFDX: CCO VIEWFDX: LOWER GUIDANCE FDX: DISRUPTING AIR FREIGHTFDX: FOCUS ON KEY VERTICAL
To supply chain executives, the risk of cyber attack is one of the biggest headaches, but companies are dragging their feet when it comes to spending money on beefing up their IT security.
Cyber attacks on enterprises have become routine fare on logistics and supply chain news platforms and channels, such as the recent hit on software provider Blue Yonder, which affected the supply chains of two major British grocery chains, among others.
Since 2021, cyber attacks targeting supply chains have surged 431%, according to a report published in November by insurance provider Cowbell. Based on three years of data from over 46 million SMEs across the US, UK and Japan, the OpenText Cybersecurity 2024 Global Ransomware Survey found that 73% or respondents had experienced a ransomware attack this year.
It’s not only the volume of cyber attacks that has risen, but also the quality. The OpenText survey noted that the new generation of threats were more targeted, and increasingly used AI in ‘phishing’ attacks to breach companies’ defences.
No wonder executives are worried. A survey of 1,000 IT professionals across various sectors in the supply chain industry, by device management solutions provider Hexnode, found 77% of employees were apprehensive about cyber security threats within their organisations’ supply chains.
Of the more than 450 supply chain executives polled for another survey, recently published in a white paper by Reuters and Cargowise, 94% expressed concern over vulnerability in their technology stack, with 24% very or extremely concerned.
Cyber security emerged as the second-biggest global risk in respondents’ eyes, trailing geopolitical tensions.
The authors of the white paper note that most supply chains operate on a broad mix of systems, which offers criminals multiple points of vulnerability to attack. More than a quarter (29%) reported having “disparate local solutions tailored to specific countries”, and 55% described their approach as a “piecemeal mix of global and local solutions”.
The high level of concern apparently does not translate into a sense of urgency to take protective action. Only 31% of the firms polled invested money in cyber security last year, the Reuters/Cargowise survey shows, which trailed spend on transport management systems (by 42% of respondents), digital documentation (41%) and warehouse automation (35%).
And a quarter of those polled did not have cyber insurance cover, with 3% stating that it was too expensive.
Cyber security experts urge companies to take protective steps, starting with an annual risk assessment and a programme for employee training. Investment in cloud security is also highly recommended. This is an area where AI, which is widely viewed as a threat rather than a boon, can make a positive difference by monitoring systems and sifting through security data to spot suspicious patterns that could herald an imminent cyber attack.
Apu Pavithran, founder and CEO of Hexnode, emphasised that setting up a cyber security defence was not about buying a one-off solution, but also ongoing monitoring, adaptation and co-operation.
Another key element is increased vetting of supply chain vendors and suppliers. Audits and checks are expected to become standard procedure, with industrial cyber security standards applied to ensure compliance.
To begin with, companies need to loosen their purse strings and invest in security.
The cost impact of an attack will likely far exceed the spend on protective measures. The authors of the OpenText paper noted that afflicted companies “are still paying ransoms at an alarming rate”, and urge readers not to do so.
“If we are to disrupt the growing trend of ransomware attacks, it starts with companies refusing the pay the ransom and, instead, relying on their cyber resiliency playbook,” they stressed.
At the very least, with or without investment in cyber security, companies need a response plan to spell out what to do in the event of an attack. Mr Pavithran noted that 42% of organisations are ill-prepared for attacks, as they do not have a clear and effective incident response plan.
Comment on this article