Why supply chains’ digital transformation exposes vulnerabilities
Supply chain insights
- Companies are layering more systems into their IT networks to support remote work, enhance the customer experience and generate value, all of which creates potential new vulnerabilities.
- Connectivity is dramatically increasing smart factories’ vulnerabilities and leaving them exposed to cybersecurity threats.
- Supply chain attacks are when a company’s data is compromised via the hacking of a third-party supplier with legitimate access to its customers’ systems.
- The majority of vulnerabilities in technology and software can be found in remote access to networks, insufficient security configurations, outdated firewalls, weak passwords and a lack of proper staff training.
Even before the pandemic, global supply chains were experiencing growing pains as they adapted to meet the pressures of rising demand and a delivery system in need of an overhaul. Supply and demand issues during the pandemic revealed how fragile supply chains can be, particularly with the increased threat of cyberattacks
Technologies such as embedded sensors, GPS and RFID have helped companies transform their existing traditional — a mix of paper-based and information technology (IT)-supported processes — supply chain structures into more agile, flexible, open and collaborative digital models. These digital models and their abundance of data can then benefit from another innovation, machine learning (ML). ML is particularly useful in inventory and supply chain management, in which it can learn to predict demand and identify typical business patterns for optimization. ML can also aid productivity and reduce downtime by anticipating repair and maintenance needs.
A digital supply chain provides visibility into the workings of the chain; it is the process of integrating and applying advanced digital technologies into supply chain operations from procurement data and inventory management to transportation and distribution. Digital transformation in supply chain management enables organizational flexibility, business process automation and accelerated innovation in supply chain management. However, the recent advancements in technology also increase its risk of use by cybercriminals; making manufacturing now the No. 1 target for cyberattacks. Companies are layering more systems into their IT networks to support remote work, enhance the customer experience and generate value, all of which creates potential new vulnerabilities.
Manufacturers and cybersecurity
Since manufacturers are a primary resource for goods in the supply chain, it’s important to examine issues in this industry. Connectivity provides manufacturing plant operations many advantages like increased productivity, faster identification and remediation of quality defects, and better collaboration across functional areas. However, this connectivity is dramatically increasing smart factories’ vulnerabilities and leaving them exposed to cybersecurity threats. In a recent survey by Deloitte and the Manufacturers Alliance for Productivity and Innovation, 48% of respondents identified operational risks, which include cybersecurity, as the greatest danger to smart factory initiatives.
Manufacturers often have fragmented security, meaning hackers don’t expect a unified response to their attacks. Attacks can go unnoticed, followed by chaos and confusion, which leads to losses and damages. The scale of a supply chain attack is enough to take down international brands and destabilize critical infrastructure like the SolarWinds cyberattack that affected multiple organizations, including Microsoft and government agencies.
The size of these companies doesn’t seem to matter to the attackers, either. According to the Federal Bureau of Investigation (per a November 2022 article in Powder and Bulk Solids), “Larger businesses are targeted based on their perceived ability to pay higher ransom demands, while smaller entities may be seen as soft targets, particularly those in the earlier stages of digitizing their processes.”
Surprisingly, a significant share of manufacturers have yet to build the cyber capabilities to secure some of these business-critical systems. Deloitte’s survey found that while 90% of manufacturers reported capabilities to detect cyber events, very few companies today have extended monitoring into their operational technology (OT) environments.
Third-party dependency increases attack surface
As companies have accelerated their digitalization strategies to continue operating – and as more equipment becomes connected – they have become more dependent on third-party software and technology. This, in turn, has increased firms’ attack surface exposure and points of vulnerability.
Supply chain attacks are when a company’s data is compromised via the hacking of a third-party supplier with legitimate access to its customers’ systems. Hackers can insert malicious code into trusted hardware or software at the source, compromising the data of its customers – and their customers – in an onward chain.
Remote alarm notification software offers additional security
The majority of vulnerabilities in technology and software can be found in remote access to networks, insufficient security configurations, outdated firewalls, weak passwords and a lack of proper staff training. It’s ironic that as manufacturing plants adopt more smart technologies to increase production and efficiencies, cyberattack risks escalate. More ironic still, turning to additional technology is one answer to address this challenge.
With the best of intentions and under pressure to allow more remote work during the pandemic – which has continued with hybrid work policies – many organizations opened remote desktop access (e.g., RDP and TeamViewer) so that remote operators can interact with their supervisory control and data acquisition (SCADA) systems. While such remote desktop tools make sense for IT administrators (though they must be deployed and maintained with security in mind), it’s really a misuse of such tools and a violation of the principle of least privilege to expose OT control systems to operators, technicians and management. Broad remote access presents increased security risk.
Instead, remote alarm notification software can provide remote teams with the process and asset information they need from SCADA but without granting access to the SCADA itself. Such software can be deployed across secure, layered networks, shielding the OT network behind multiple firewalls. In this manner, alarm notification software can take advantage of off-site, off-network or even cloud-based notification modalities. Such software also often includes on-prem notification modalities such as support for analog/digital phone lines and SMS delivery via wireless cellular modems.
Additional best practices for securing the supply chain
Manufacturers can protect themselves from downtime, loss of reputation and the financial costs of cybercrime by following important cybersecurity practices.
It is somewhat paradoxical that even in today’s increasingly digitized world, people continue to be one of the most glaring weak spots in cybersecurity. To address this, cybersecurity training should begin for all new employees during the onboarding process and continue throughout their time with the organization. Strengthening passwords is also an important first line of defense against cyberattacks, and this can be implemented quickly with immediate benefits. Software updates address security concerns, particularly since manufacturing is inundated with issues related to the use of legacy machinery. Applying patches whenever possible can limit those areas of weakness.
Manufacturers should also take steps to secure any remote access software. They should not use unattended access features, and IT leaders should configure the software such that the application and associated background services are stopped when not in use. Integrating the remote alarm notification software through the SCADA system is critical to further reducing cyberattacks.
Being prepared for supply chain disruption
Whether you’re a manufacturer or an end-user, supply chains’ connectivity and the threat of cyberattacks affect your business. Organizations across industries must take immediate steps to improve security and risk posture to prevent attacks on our supply chain, critical infrastructure and industrial systems.
The scope of the threat is growing, and no organization is immune. Companies must reinforce their defenses and understand the myriad technological tools that will help them combat the ever-growing cyber threats.