High noon for IT

By Ruari McCallion

September 2020

How safe is your supply chain from cybercrime?

The true scale of cybercrime is widely unappreciated in industry; it is truly frightening. Ruari McCallion talks to experts about the nature and extent of the threats to the supply chain and materials handling industries, and how to build in system security.

Big ‘hacking attacks’, such as WannaCry, and huge-scale data breaches like that which affected GE Capital, attract banner headlines but the reality is that cybercrime is now routine. It affects companies of all sizes and across all industry sectors.

IBM’s 2019 Global Threat Intelligence Index¹ found that manufacturing companies are the target of 10% of all cybercrime business attacks and incidents across the world – but that placed them as only the fifth-most targeted sector in this particular league table. As would be expected, the finance and insurance sector was top, with 19% of all attacks. Worryingly for logistics operators, practitioners and users of the physical supply chain, transportation services came second, with 13%, and retail came fourth, with 11%. This means that logistics and materials handling operations are involved with businesses accounting for around 34% of all cybercrime attacks.

According to Assured Cyber Protection Ltd, the annual cost of cybercrime is forecast to be US$600 million a year by 2021. This is likely to be an underestimate as a lot of incidents go unreported. Some have resulted in production interruption or companies having to cease operations altogether. This is major crime; the image of a social misfit engaging in malicious attacks from his mother’s basement is outdated.



Globalisation and its discomforts

“Hacking is a business model in some areas of the world,” according to Michael Rösch, Senior Vice President Customer Engagement Europe, Jaggaer, which is a provider of Cloud-based business automation technology. Some states are undoubtedly involved, as well.

The extended length of globalised supply chains has brought some real problems. The longer a chain is, the more links it has, and the more vulnerable it becomes. The risks and costs may lead some to question whether increasing reliance on IT is worth it.

“We still see many companies managing big parts of their supply chain via pen and paper, fax, Excel documents and email. Those companies are at a huge disadvantage. Without state-of-the-art systems that are tightly connected to the supply base, it is difficult to exchange information quickly and reliably. Demands are changing constantly. In the mid-term, more and more companies will use systems to digitally support their supply chains.”

So: regressing to paper-based physical systems is not the answer. The most efficient way of communicating data along extended and distributed supply chains is by using Cloud-based systems, which are accessible from anywhere. The need is for effective protection and security; businesses have to make it hard for their systems to be breached.


Prioritising protection

“Hackers are seeking highly useful information they can easily get. If the effort to hack a system is high and the value is very low, it is not of any interest,” Michael Rösch continued, but he emphasised the importance of prioritisation. “In procurement, for example, price information could be very valuable if you as a supplier participate in an online auction for a multi-million Euro deal in the automotive sector. On the flip side, price information for commodity products like pencils, notebooks and other office supplies is less of an interest and therefore not as sensitive. We recommend classifying data carefully and protecting accordingly.”

Philip Ashton, co-founder and CEO of 7bridges, a multi-industry logistics IT platform that makes extensive use of AI (artificial intelligence), observed that information security is a core capability for SaaS (software as a service) providers, whose speciality is Cloud-based systems. Vikram Singla, Strategy Director at Oracle, when asked about the security implications of storing data in the Cloud, rather than within factory (or warehouse) walls, responded by asking where it would be safer to store family jewellery: in the house or in the vault of a specialist, like a bank?

“The risks of data breaches and security threats are rising all the time,” said Philip Ashton, “and for that reason picking partners who see security as a core capability should be a key decision criterion. The biggest risk businesses face is not taking steps immediately to use their data, and in logistics this means using specialised AI. There are very few businesses that will have this in-house, and so they need to pick the right Cloud-based partners to work with to remain competitive. Just look at all the businesses that have struggled to maintain their supply chains during the disruption caused by Covid-19, while Amazon has capitalised on the disruption.”

One of the biggest risks for a business that has a long, complex and global supply chain is the limited time it has to appropriately manage a large number of integrations with suppliers, customers and partners. “Each of these is a potential vulnerability, and allowing specialist Cloud-based SaaS systems, like 7bridges, to transact with an ecosystem means you have just one integration to secure,” he said.

Jaggaer is in agreement, adding that multi-factor authentication, strong passwords, and accurate role and rights management are useful for protecting confidential information. It uses additional encryption techniques and audit logs to provide extra layers of security.

Change keeps coming; updates are essential

But the landscape is changing. New applications are constantly being developed and the capabilities of existing systems are extended pretty much weekly. End-user requirements are shifting, too: the talk of reshoring, near-shoring and shorter supply chains means that demands will be different, with possibly smaller deliveries but many more of them. Alongside these is the increasing sophistication of cybercriminals.

Vikram Singla’s case for handing responsibility over to those who specialise in it seems very solid. Philip Ashton asserts that, post-Covid, businesses will need more agile and efficient supply chains, which in turn will drive an increased need to deploy AI and access an ecosystem of suppliers, customers and partners. This will create new security challenges for businesses that manage this in-house.

Michael Rösch concluded: “In the mid-term, more and more companies will use systems to digitally support their supply chains. These investments will lead to more security and new techniques to protect customers, users and supply chains – and I bet AI will play a big role in it.”

1. Source: “Cyber Security and Manufacturing”; MakeUK, 2019.