Reducing attack surface is key to shoring up security, expert says.

The digitalization of information processes has facilitated the integration of supply chains and has promoted supply-chain visibility. The advent of modern technologies like cloud computing has increased the agility of supply-chain organizations, enabled more reliable planning and speedier collaboration, and lowered operational costs.

The advantages that motivated supply-chain organizations to participate in these complex digital environments also have their downsides: the many cyber security risks to supply chains that have been spawned by that connectivity. As supply chains have become more connected and more global, supply-chain disruption from a cyber event has become more likely and its implications more severe and widespread. It has also become more challenging to secure the many supply-chain and computing components that represent points of vulnerability.

Digital vulnerabilities in the supply chain can compromise the integrity and reliability of data, systems, and the transactions and flows of goods that they manage, all of which can negatively impact the trust that users have in them. Cyber vulnerabilities can be used to gain access to sensitive information, intellectual property, and data. Software vulnerabilities sometimes arise from poorly designed systems, but also from flaws intentionally introduced into software by malicious actors.

The integrity of supply-chain systems and data is becoming an increasingly important business consideration when it comes to choosing supply-chain partners.

Cyber Risk: A Critical Supply Chain Factor

A recent study from Gartner indicated that cyber security risk has become a primary buying consideration for supply-chain executives, and that 60% of supply-chain organizations will gauge cyber security risk as a significant factor in conducting transactions and business engagements by 2025. Regulators are also increasingly focusing on cyber security, and companies without robust cyber risk management strategies may face penalties should incidents occur.

“There is an imperative both from a policy landscape, a regulatory landscape, and also from a business landscape to do a better job at understanding risks and managing those risks,” said Bob Kolasky, former assistant director at the U.S. Department of Homeland Security’s Cyber and Infrastructure Security Agency and currently a senior vice president at Exiger, a supply-chain software company.

Over two-thirds of business leaders feel that their cyber security risks are increasing, according to a recent survey conducted by Exiger and Stax Consulting, and cyber vulnerabilities now represent the top risk concern for supply-chain managers. Eighty-six percent of supply-chain cyber breaches are financially driven, the Exiger research showed, while 10% represented some form of espionage.

There have been several examples of supply-chain cyber-attacks in recent years, including last year, when Microsoft Exchange Server, an email, scheduling, and collaboration platform, was found to have unpatched vulnerabilities, impacting thousands of enterprises directly and millions indirectly and allowing attackers to infiltrate servers and steal data. A similarly unpatched vulnerability in Log4j, a widely-used Java logging framework, was discovered in 2021, affecting 93% of enterprise cloud environments. The vulnerability allowed attackers to craft…

View the full article free in the AJOT Digital Edition or by Logging in!
