Cybersecurity in the Supply Chain: Risk Management Best Practices

Supply chain cyber security is the global consumers’ number one concern in 2024. Recent geopolitical events since 2022 have posed an even higher risk of data breaches. In 2023 alone, 1 billion dollars in fees were paid globally for ransomware attacks. 2023 was the most devastating year yet, full of unfortunate ransomware attacks and 2024 will be no different.

The most exposed businesses are crucial for domestic economies; specifically, those in great danger, are dependent on international trade. This risk is affecting supply chain reliability. Companies today are more cautious about securing the flow of goods and raw materials.

To become more resilient, companies are paying more attention to cyber supply chain risk management. Supply chain cybersecurity involves taking steps to evaluate all risks and outline actions to prevent losses.

This article will examine the devastating effects of improper work over cybersecurity in the supply chain. You will find out more about the best risk management practices for cybersecurity. Thanks to these insights, you will find the value of securing your business operations better. You’ll know what security Incident Response is and how to track footprints when your Supply Chain is facing an attack.

 

What is cybersecurity in the supply chain about?

International organization pressure, COVID-19, and supply chain challenges have been the only issues we have had to consider in recent years. The companies integrated within supply chains are de facto the ones most exposed to the risk of ransomware attacks. They fight every day to mitigate risks.

Knowing that most supply chains in today’s economies are based on imports and exports, we perceive cybersecurity in supply chains as a global challenge. Only a very small number of countries are able to manufacture complete products end-to-end without importing raw materials. This becomes even more challenging for companies involved in the technology industry, such as automotive or robotics and automation. That’s why, even if your company is operating in the local market, you’ll most probably be challenged by cybersecurity concerns.

Here’s how it works:

First intrusion: Cybercriminals use phishing messages or malware to access a supplier or service provider’s system.

Impersonating trusted senders: Once inside, attackers can mimic legitimate email accounts on the infected system.

Targeting customers and partners: Attackers use these fake accounts to launch phishing campaigns, fraudulent invoices, or other attacks on vendor customers and partners.

Extended threat: If a customer’s system is compromised, attackers can steal sensitive data, deploy ransomware, or use the access to launch further attacks.

Security issues can affect third-party suppliers that deliver your factory spare parts or components for assembly to complete your product on the production line. Therefore, it doesn’t have to be a direct impact but an indirect one.

In the end, a lack of cybersecurity risk management can affect exports, whether air freight, sea freight, rail freight, or road transport. These are the most common ways of shipping, and the entry for hackers is significantly extended to damage your business.

 

 

Example of a cybersecurity breach in the supply chain

An example can be found in the railway industry, which is highly important for intermodal transport and can be affected in various ways. It’s evident that transporting goods with containers is the most efficient, but it can actually combine sea freight, rail freight, and road transport.

Furthermore, looking into the automotive industry, we can see companies such as Škoda Auto or other manufacturers that order components for production from Taiwan. Ocean shipping takes nearly 20 days. When the shipment arrives at the Port of Rotterdam in the Netherlands, containers will be unloaded and placed on train cargo to move to Česká Třebová in the Czech Republic (the main in-transit point for containers in the NL-CZ direction). Later, they should be unloaded onto truck trailers and delivered to one of the Škoda Auto facilities. However, in cases where carriers connected to the MENTRANS group network, the primary carrier for Central and Eastern Europe for the Port of Rotterdam, are affected by a cyber attack, the supply chain is broken.

The European Union Agency for Cybersecurity (ENISA) provides a more detailed example of statistics. The ENISA states that ransomware is the main threat to the rail sector, accounting for 45% of cyber attacks. Data-related threats accounted for 25%, as did denial of service (DoS), distributed denial of service (DDoS), and ransom denial of service (DDoS) attacks.

The report says that the increasing proportion of DDoS attacks in the rail sector is due to the increased hacktivist activity that followed the invasion of Ukraine, undertaken by pro-Russian or anti-Nato groups. That is why this is the beginning of this article.

 

 

What are the different types of supply chain attacks?

As already explained, supply chain attacks pose a growing threat to cyber security. Unlike traditional cyberattacks that directly target an organization, supply chain attacks exploit the trust between companies and their suppliers or service providers. In the long run, it can affect all stakeholders in the supply chain.

Whether it is a career like the MENTRANS group network or distribution center, the risk is visible to every extent. Nevertheless, we can assess the development of how cyber attacks work.

Hackers can exploit your supply chain in several ways. They can send fake emails to get you to provide login credentials (account takeovers), plant malware such as Stuxnet, NotPetya, Sunburst, or Kwampirs, or impersonate someone you trust (as in the Business Email Compromise scam).

We know that internal networks are pretty well secured and the way hackers can enter your organization is open to two types of supply chain attacks.

Business email compromise (BEC)

Email fraud occurs when attackers impersonate trusted individuals like business partners, suppliers, or vendors. The recipient is then tricked into making bank transfers, paying fake invoices, or redirecting payroll funds, all of which aim to alter future payment details. Sometimes, attackers breach a supplier’s genuine email account to pose as them or infiltrate existing email conversations.

Another tactic involves sending spam emails to specific individual email addresses. This approach relies on typical techniques where spammers use patterns in email construction. For example, if an email address is constructed with a name, dot, and surname, such as “Patric.Leman@easycargo.com,” it becomes easy to identify other individuals’ email addresses within the organization to spam their mailboxes and do phishing.

Software supply chain attacks

Supply chain attacks target software systems such as WMS (Warehouse Management System) or TMS (Transport Management System). These attacks occur when attackers infiltrate a vendor’s software systems.

However, the most common breach is associated with B2B platforms that manage procurement activities for the supply chain to lower financial risk. Often, these breaches infect future distributions sent to customers and partners. This means that administrators may receive fake requests for transport or purchase orders. Although less common than other attacks, these breaches can impact multiple victims simultaneously and lead to risk management program methods.

The sequence of events associated with attacks usually looks like this:

1. You receive an email with an Office or PDF file.
2. Antivirus software scans the file but finds no virus because ransomware is not included in its code.
3. You open the email and document with MS Office or Adobe Acrobat to view or create a preview/icon of the file.
4. The executable code of the document runs.
5. The malware is downloaded from the Internet, often from a site controlled by a hacker. The malware may be encrypted during the download, fooling the virus scanner, which sees only unrecognizable data.
6. The downloaded malware is ran, probably on a Windows script host.
7. A “privilege elevation” occurs, granting system rights to the malicious code. This requires a bug in the operating system or software with administrative privileges.
8. The malware installs itself on the system, usually in a way that is very difficult to remove.
9. Operating in the background, potentially undetected for days or weeks, including:

a) Data encryption

b) Simultaneous exfiltration of that data to a server controlled by the attacker.

c) Simultaneous spreading across the network and fast infecting and encrypting more data and systems.

 

 

Cyber Supply Chain Best Practices

Cyber security in the supply chain goes beyond just IT departments. We need to be aware that Cyber threats in the supply chain extend to these areas:

Procurement: Cyber threats can appear in procurement through targeted phishing messages impersonating legitimate suppliers, leading to fraudulent transactions or account breaches.

• Supplier management: Weaknesses in supplier cybersecurity practices, such as inadequate data protection measures, can expose sensitive information to unauthorized access or data breaches.
• Supply chain continuity: Cyber attacks on critical systems or infrastructure, such as ransomware attacking manufacturing facilities or distribution centers, can disrupt supply chain operations, leading to production delays or shortages.
• Quality management: Cybersecurity incidents, such as tampering with product specifications or introducing malware into production systems, threaten product quality and safety standards.
• Transportation Security: Cyber threats to transportation systems include GPS spoofing attacks on shipping containers or ransomware affecting logistics software. It can disrupt the flow of goods and threaten their security during transportation.

 

How do we prevent cyber attacks?

Addressing the threats mentioned above requires a coordinated effort across the organization. Here are the best practices for preventing a system compromise.

1. Assume a breach and manage risk

Develop your defenses based on the assumption that your systems will be breached. This allows you to focus not only on preventing breaches but also on mitigating and recovering from them.

2. People, processes, and knowledge

Cyber security is not just a matter of technology but of people, processes, and knowledge. Breaches are often caused by human error. IT security systems require secure practices on the part of employees throughout the supply chain.

3. Don’t neglect operational risk

Don’t neglect risk management. Risk avoidance and not paying attention to risk are not the same thing. Potential vulnerabilities should be recognized and eliminated to minimize their impact on the organization. This involves continuous evaluation and improvement of safeguards.

4. Comprehensive security

Security is comprehensive. There should be no gap between physical and cyber security. Gaps in physical security can lead to cyber attacks and gaps in cyber security can be exploited to gain physical access.

 

 

Example from a container loading software for transportation

Regarding transportation security, we can give an excellent example from our specific niche. As a container-loading software provider, we can share direct ways to cyber-secure your business when it comes to shipping.

System diversification

First, you should consider diversification to some extent. It’s better to use loading software that isn’t solely part of a bigger solution but a separate system. This way, you can handle load planning and shipping without issues that arise when all systems are down due to a cyberattack affecting core systems like ERP or WMS.

You can still perform actions related to shipping without losing operational capabilities. The interconnected nature of modern supply chains makes diversification even more critical. The power of standalone solutions can improve business and prevent t a domino effect. Therefore, the ERP system can be integrated but with diversification in mind.

Control access

The strategic issue concerning information security and data breaches revolves around access. Container loading software functions solely in-house, but if you need certain capabilities to share data with your suppliers or vendors, you can utilize a public link for a fully interactive 3D load plan.

While this option is limited and prevents integration into your load planning, it enables stakeholders to review container layouts. Furthermore, as in any other situation, you don’t have to provide system accounts to stakeholders or credentials to log in, which can lead to data leaks or serve as vulnerable entry points for hackers.

 

 

Cybersecurity risk management

To better handle cyber security, the main threats in the cyber supply chain are important. Here are key cybersecurity considerations for the supply chain:

• Third-party service providers or vendors, from cleaning services to software engineering, can gain access to your systems.
• Poor security practices by downstream vendors.
• Compromised software or hardware from vendors.
• Software vulnerabilities in supply chain management or supplier systems.
• Counterfeit hardware or hardware with malware.
• Data storage by third parties or data aggregators.

As indicated above, the subject leads to the process referred to in the business as risk management. In these cases, each company needs a truly individual approach to the problem. The most important aspect might be detecting all vulnerable touchpoints. If your company is exposed to one of these threats from above, you should take proper precautions to handle it before it is too late.

The drawbacks of today’s issues with cybersecurity in the supply chain are well-known and understandable. You’re exposed to potential risks and you can lose your ability to run your business operations smoothly. Today, technology offers independent enterprise risk management to ensure your business in the supply chain.

 

 

There are three steps in the risk management process within a robust risk management program:

 

1. Risk Assessment

Information Classification: Categorization of information assets based on their sensitivity and criticality to identify risks.

Process risk identification: Recognizing potential threats to the confidentiality, integrity, and availability of information.

Identifying Vulnerabilities: Identifying weaknesses in systems, processes, or controls that can be exploited.

Risk Analysis for Information Assets: Assessing the likelihood and impact of identified risks to information assets.

Method Selection: Selection of an appropriate risk management and assessment methodology, such as qualitative or quantitative analysis. All of that is for putting in place the risk reduction measures that manage risk.

Summarize and Communicate Risks: Condense findings into practical insights and effectively communicate risks to stakeholders through clear and concise reporting.

 

2. Risk Mitigation and risk management plan

Identify Options: Explore different courses of action to address identified risks.

Selecting Options: Selecting the most appropriate approach, considering cost, feasibility, and effectiveness.

Implementation: Rapid and effective implementation of the selected mitigation strategy.

Accept: Recognize and tolerate risks that fall within acceptable thresholds.

Transfer: Risk transfer to another party through outsourcing, insurance, or contractual agreements.

Risk Mitigation: Implementing controls and safeguards to reduce risk impact.

Risk Avoidance: Taking proactive steps to eliminate or minimize exposure to high-risk scenarios.

 

3. Risk evaluation and enterprise risk management

Monitoring and Review: Continuous monitoring of the effectiveness of risk management activities.

Updating Risk Assessments: risk assessments should be reviewed and updated regularly to reflect changes in the business environment or risk landscape.

Adjust risk management standards: Modify risk mitigation strategies based on new information or changing risks. Elaborate on new risk management standards.

Learning from Incidents and Risk Controls: Learn from past incidents or strategic management errors, as well as near misses to improve future risk management activities. Set up strong regulatory compliance in your business strategy. This can be security analysts where you can consider purchasing an insurance company to secure against cybersecurity threats.

 

Summarizing risk management and cyber threats

Supply chain cyber security has become a pressing issue for global consumers in 2024. Recent geopolitical tensions and the ongoing threat of data breaches have increased risks. Ransomware attacks alone cost companies billions in 2023, underscoring the ever-evolving nature of cyber threats and their challenges.

Businesses critical to national economies, especially those heavily dependent on international trade, are particularly vulnerable. This increased risk highlights the urgent need for solid risk management practices in the cyber supply chain. You need effective risk management and lower risk sharing between stakeholders.

You should consider robust risk management standards and strategies to protect your company from cyber threats in the supply chain. You should start by applying risk assessment practices to identify vulnerabilities and potential threats.

Continually assess and update your risk management strategies to stay alert in the face of ever-changing threats that affect supply chains. Business leaders should know that by diversifying their software solutions, they can increase cyber security in their supply chain. You can secure your operations, minimize potential disruptions, and secure the future of your business. Contact us today if you would like to learn more about our cyber-secure solution which is our container loading software.