In the age of the COVID-19 pandemic, global supply chain security is placed under extreme pressure as a result of cyber security threats.
This is confirmed by the findings of a recent Risk Ledger report, which lays out the looming risks faced by supply chain security experts in light of the global pandemic. The findings, which observe the financial and reputational damage caused by supply chain security breaches, affirm the notion that, in a time of crisis, new opportunities are provided for criminals who seek to exploit vulnerabilities.
This is a sentiment supported by the researchers themselves, who state that supply chain security is becoming an increasingly grave concern as a result of the COVID-19 outbreak. “The COVID-19 crisis and associated global lockdowns are causing dramatic increases in the short-term and medium-term risks radiating from an organisation’s supply chain,” they claim.
According to the researchers, the number of high-profile supply chain data breaches that have occurred over the last months only serves to highlight this fact. They point to the recent hacking of ticket service Ticketmaster as a case in point.
Key findings for global supply chain security
The report by Risk Ledger seeks to map out the impact supply chain security breaches have on businesses, both financially and reputationally, as well as what role the regulatory environment can play in mitigating these risks.
According to the research team, the issue “has risen to become an integral process for any business that relies on its suppliers to process data or provide critical services.”
Chief among Risk Ledger’s findings is that over 60% of data breaches happening at present can be attributed to a third party. This is a number, according to the report, that continues to rise year-on-year “as companies trust an increasing number of suppliers with sensitive and confidential data”.
A number of other key findings of the report reveal that:
- 36% of suppliers do not enforce multi-factor authentication on remotely accessible services, and the same number of suppliers do not make use of mobile device management.
- 27% of suppliers have not put formal agreements in place to control third-party use of data. (This is a measure that is required under GDPR guidelines.)
- 15% of suppliers do not provide any form of information security training to their employees.
- 35% of suppliers do not regularly conduct penetration tests of their public-facing IT infrastructure.
- 31% of suppliers have not implemented network monitoring controls to make sure their computer networks are watched for slow or failing components.
Suggested steps
The impact of COVID-19 on supply chain security has been profound. In order to mitigate the risks, Risk Ledger suggests that companies make sure they keep a database of all of their contracted suppliers.
Following this, conducting a risk assurance program to understand how the suppliers who hold data have mitigated the increased security risk also comes highly recommended. The researchers further suggest that companies should keep their board or senior management briefed as to the financial consequences that may befall critical suppliers in the event of a data breach.
As a final measure, Risk Ledger also recommends that companies form a crisis team in the wake of COVID-19 in order to effectively react to supply chain incidents and build an incident response plan.
COVID-19: Problems and possibilities for supply chains
The threats to supply chain security as a result of COVID-19 seem to be reaching monumental proportions. At a time when supply chains already find themselves under immense pressure to adapt to the new circumstances, the potential for missteps has only increased.
For instance, as the researchers at Risk Ledger point out, the average cost of a data breach in 2019 was $3.92 million, according to IBM’s 2019 Cost of a Data Breach Report. They suggest that many critical suppliers may not be able to survive a breach of such magnitude, a factor that is only compounded by the outbreak of COVID-19.
Combined with the rise in the number of people beginning to work from home, recent changes will likely make sound supply chain security practices more important than ever before.
“This larger attack surface inherently increases the risk of successful cyberattacks,” the researchers at Risk Ledger point out. “However, the speed of the switch to remote working also raises concerns over the quality of security controls implemented to mitigate the risks of this newly remote workforce.”
In the wake of the threat posed by the coronavirus crisis, vulnerabilities inherent within the global supply chain and digital economy have been laid bare for all to see. However, as the Risk Ledger experts believe, in spite of the negative impact such vulnerabilities may have, there is hope that the ongoing COVID-19 crisis provides businesses with an opportunity: to strengthen existing supply chain risk management processes, and build supply chain resilience anew.