cybersecurity Archives - Total Supply Chain Summit | Forum Events Ltd

Cybersecurity risk a primary buying consideration for Chief Supply Chain Officers

By 2025, 60% of supply chain organisations will use cybersecurity risk as a significant determinant in conducting third-party transactions and business engagements.

As the surface area of digital supply chains expands, enhanced cybersecurity is a key theme that Chief Supply Chain Officers (CSCOs) will look to scale this year.

“Our survey data has shown an aggressive stance among CSCOs who are looking to invest in growth through multiple new technologies,” said Brian Schultz, Senior Director Analyst in Gartner’s Supply Chain Practice. “However, each new technology introduces new partners, vendors and service providers into the digital supply chain. The implication for cybersecurity risk is an ever-growing number of new pathways to potential attacks from malicious parties.”

Gartner surveyed 499 supply chain leaders between October and December of 2022 and identified the top supply chain technology trends for 2023. On average, respondents indicated that 73% of their supply chain IT budgets will be allocated to driving business growth and enhancing performance.

Based on the survey data, Gartner projects that one third of supply chain organizations will utilize industry cloud platforms by 2026 and predicts rapid growth in the use of composable application architecture, both of which will primarily rely on the use of external vendor support.

“CSCOs are under pressure to reduce costs, mitigate external disruptions and keep up with a rapidly changing technology landscape,” said Schultz. “In evaluating new technologies to drive growth and manage costs, a revamped approach to third-party risk assessment will be necessary to inform buying decisions, as a successful cyberattack on the supply chain is almost unique in its position to undo nearly all of the key objectives of CSCOs this year.”

CSCOs’ focus on cybersecurity is being driven by more factors than just an increasingly digital supply chain. Concerns about digital supply chain vulnerabilities are coming from C-Suite partners, boards, government regulators and customers. The result is to put CSCOs’ cyber-resilience policies under the spotlight like never before.

According to Schultz, CSCOs will need to revamp their third-party risk assessments of outside partners as part of a larger cybersecurity program with clear standards developed in collaboration with risk owners across the C-Suite, including the CIO, CISO and internal audit. The standards in the plan should specifically address:

  • Up-to-date third-party cybersecurity standards
  • Mechanisms for enforcement of these standards in contractual language via executed and amended contracts
  • The development of an audit program to enforce the supply chain cybersecurity plan

“A supply chain cybersecurity program will play a significant role in future buying decisions and third-party risk mitigation,” said Schultz. “In addition, regular audit data from a supply chain cybersecurity program can serve as key performance indicators that can be reported to the board, auditors and business partners.”

Retail and manufacturing sectors ‘most likely’ to be targeted by a cyber-attack

Health, education, retail, and manufacturing sectors continue to be particularly vulnerable to cyber attacks and data breaches, according to analysis of recently released 2021 ICO data.

CybSafe analysed data from the Information Commissioner’s Office (ICO) – the UK’s independent body upholding information rights – following its previous analysis of ICO data for the first half of 2021 to discover the details behind the UK’s cyber security breaches throughout the entire calendar year.

While health and education remain particularly vulnerable to data breaches, the retail and manufacturing sector suffered twice as many cyber attacks as either sector, accounting for 20 percent of attacks overall in H2 of 2021.

Statistics within the retail and manufacturing industry also highlight a more general trend. The sector saw an increase in ransomware attacks, accounting for 27 percent of all attacks in 2021, up from 23 percent in 2020. In contrast, phishing attacks declined, falling from 31 percent in 2020 to 26 percent in 2021. This marks the first time ransomware attacks have superseded phishing within the sector. Throughout 2021, ransomware saw a notable rise, accounting for 30 percent of attacks between July and December, up from 24 percent between January and June.

While the ICO data highlights phishing as the most common form of attack at just under 30 percent, ransomware continues to be an increasing threat to every sector.

As sectors adapt to life post-pandemic, the education sector is a prime example of how the cyber security landscape has changed for good. ICO 2021 data shows ransomware attacks increased to 22 percent (up from 19 percent), suggesting the trend is not subsiding despite children returning to the classroom. The sector saw a steep rise in ransomware attacks mid-way through 2020. They accounted for 26 percent of attacks in the first half of 2021 compared to just 11 percent in the previous year.

Oz Alashe, CEO of CybSafe, said: “The ICO data tells a clear story. The pandemic saw a steep rise in ransomware attacks. With important sectors such as education and healthcare seeing a sustained level of cyber threats throughout the last year, we need to go beyond standard security training practices.

“To embody a security-first culture, the human aspect of cyber security shouldn’t be underestimated. If we want to invoke genuine behaviour change, the first step is to appreciate individuals responding differently to threats, and personalisation is crucial to building an authentic security-first culture.

“Appreciating differences in teams means you can deliver tailored security initiatives. The result is greater employee confidence, changes in security behaviour, and ultimately a defence against such malicious threats that will only grow in importance over the coming years,” Alashe concluded.

DHL, Amazon and DocuSign among most imitated brands in phishing emails

According to the data presented by the Atlas VPN team, Amazon topped the list as the most impersonated brand in email phishing attacks worldwide last year. In total, 17.7% of brand phishing emails used Amazon’s brand name.

The trillion-dollar brand is closely followed by the world’s leading logistics company DHL and cloud-based electronic signature technology provider DocuSign, accounting for 16.5% and 12.7% of the brand phishing campaigns, respectively.

Cybercriminals choose to impersonate big brands to lower the guard of their potential victims. Email phishing attacks lure targets to open links to malicious websites designed to infiltrate malware or steal data.

Digital payment service provider PayPal occupies the fourth spot on the list. Last year, the brand’s name was used in 5.7% of brand impersonation emails.

Next up is the world’s largest professional online network LinkedIn. LinkedIn’s name was abused in 3.5% of brand phishing campaigns.

Other brands in the top ten include Microsoft (3%), web hosting company 1&1 (2.5%), British telecommunications services provider O2 (2.3%), the social media giant Facebook (2.2%), and British banking group HSBC (1.8%).

Cybersecurity writer and researcher at Atlas VPN Ruta Cizinauskaite shares her thoughts on brand phishing attacks: “Brand phishing attacks are especially damaging as they hurt not only the victims that fell for the attack but also the reputation of brands that have been spoofed. There is not much organizations can do to prevent cybercriminals from exploiting their brands. However, email users can protect themselves against phishing attempts by taking matters into their own hands.”