Page 22 - Logistics News - September - October 2021

SUPPLY CHAIN
Establishing supply chain cybersecurity

By Marc Lewis: Head of Information Security at Visible Supply Chain Management

As global supply chains become increasingly digital, companies are exposed to risks from umpteen indirect sources. Businesses must be proactive and focus on building cyber resiliency to prevent exploitation.



A system is only as strong as its weakest link and hackers will hunt meticulously to uncover a vulnerable component. This exploitation comes at a high price. According to IBM’s Security Cost of Data Breach Report, $5.52 million is the average total cost of a breach for enterprises of more than 25,000 employees and $2.64 million for organisations under 500 employees.

Most companies pay hackers the ransom they demand. This summer, Colonial Pipeline Co. and JBS SA paid hackers $4.4 million and $11 million respectively to recover encrypted data after massive cyberattacks. Other impacts include disrupted customer service, undermined trust and loss of competitive edge.

Cybercriminals are evading barriers and identifying weaknesses to exploit supply chains more effectively than ever before. In the case of Colonial Pipeline, hackers abused a legacy virtual private network (VPN) profile that only required single-factor authentication.

Attacks not only cripple companies, but also hurt customers. Eighty percent of breaches involve personally identifiable information (PII). Hackers use PII and passwords to access an individual’s various accounts across the web. Additionally, any break in a supply chain – whether it is your business or third- or fourth-party vendors – impacts the production of goods and services while also driving up prices.

In the CrowdStrike Security Report, a survey of more than 1,000 participants, two-thirds of senior IT decision makers and cybersecurity professionals revealed that their organisations had experienced a software supply chain attack. The same number confessed that their company is not adequately prepared to defend against a future breach.

The National Institute of Standards and Technology (NIST), part of the United States Department of Commerce, recommends the following steps to properly safeguard IT assets.

Identification
Locate potential threat vectors – routes that malicious attacks may take to get past your defences and infect your network – by conducting internal risk and vulnerability assessments. Consider hiring a company to perform an advanced assessment.

Protection
Take the necessary actions to protect your organisation and prevent threat events:

•  Exposure reduction. In addition to the basic protection provided by firewalls and antivirus software, it’s vital to establish privileged access procedures. Follow the principle of least privilege – only employees who need access to sensitive data are permitted access.

   Tools like behavioural analytics, endpoint detection and response (EDR), artificial intelligence (AI) and threat intelligence can strengthen defences. Companies should adopt secure coding practices and refer to the Open Web Application Security Project (OWASP) Top 10 Web Application Security Risks.

•  Employee commitment and training. Employees are the last line of defence in cybersecurity and one of the most common threat vectors. It is critical to engage every employee; the executive suite is not exempt. Establish a culture of healthy suspicion among employees. This approach may seem overly paranoid, but the stakes can be high.

   Institute awareness training and internal phishing campaigns to expose employees to the newest spam and social engineering techniques. Any employee who falls for a
www.logisticsnews.co.za