- Cyber attacks are getting more complex, disruptive and frequent, according to Symantec's annual "Internet Security Threat Report" and Dark Reading's subsequent coverage of the report.
- Attackers are now hijacking software updates as an entry point to target networks upstream in the supply chain. Nyetya, a global attack costing FedEx and Maersk millions, started this way. Such attacks rose 200% in frequency from 2016 to 2017, according to Symantec.
- The rise in supply chain threats reveals a trend: malicious agents are starting small, dwelling within systems for years and striking unnoticed at a later date. Symantec notes 71% of attacks in 2017 began with spear phishing. Mobile malware variants were up 54% year-over-year, while IoT attacks rose 600%.
Chilling. We can’t stop suppliers from "back door" selling, or stop maverick spend from renegade requisitioners with a credit card and a search engine. But now we have to work to prevent cyber attacks, not only in our own organization, but also throughout the supply chain.
Yikes. Where is Batman when we really need him?
In the past couple of years we’ve reluctantly added cyber security into our supply chain risk profile. Sure, we’d seen some internal network disruptions due to a virus or two, or read about ransomware attacks that impacted other companies and their supply chains, but not ours. But things are getting more complicated, and fast.
We've come to learn the hard lesson that social media is really not that social, and it is being used in nefarious ways. I see when I access Facebook at work — purely to look at my suppliers social media’s strategy by the way (ahem) — I see far too many of my colleagues "active" on chat.
But seriously, due to the latest privacy breach, I also have logged out of Facebook at home and at work, with a goal of full deletion. It seems to be an easy way in from some bad actors and I don’t want to be complicit. I just don't care that my old high school friend, who I have not seen in many a decade, has mastered his favorite shrimp dish.
So what’s a buyer to do? In an era of IoT, digital buyer-seller relationships, and robotic process automation, our vulnerabilities to cyber damage are increasing. We may have the cyber tools and protection on our networks, but do our suppliers? And theirs? Oh, and theirs?
I am not going down the road that is easily traveled, insinuating that all cyber threats emanate from low cost sourcing countries. They don’t. And while televisions suggest bad cyber actors come from former eastern block countries, that’s not the case. They can come from anywhere.
So add cyber security as a worry that keeps you up at night. Speak to your suppliers, some of which are sadly still running Windows 95, or even Vista. And while you are at it, check the anti-virus software on your home computer. Something tells me that you have been clicking ‘remind me later’ when it is asking to update your system with the latest security patch. Sadly, I do as well.