Did you know October is National Cybersecurity Awareness month? I’ll also ask as a follow-up question: Are you confident about cybersecurity in your supply chain?
I ask because I’ve been thinking about some recent articles and news regarding the growing threat against supply chain cybersecurity. In fact, the U.S. Department of Homeland Security reports that the growing number of attacks on U.S. cyber networks has become, in President Obama’s words, “one of the most serious economic and national security threats our nation faces.” Now, some of you may wonder whether or not the situation really is so severe. The answer, says Dennis Omanoff, senior vice president and chief supply chain officer at computer security solution provider McAfee, is, yes.
In a recent article that ran in Supply Chain Management Review, Omanoff said that more than natural disasters, financial instability, or political upheavals, what keeps him awake at night is the fear that “bad guys are injecting bad stuff into products” that can disrupt, bring down, or steal confidential information from networks.
That’s partly because concerns continue to rise about the “injection of viruses” into high-tech hardware products during their journey from manufacturing sources to customer delivery, especially to government agencies, he added. But it’s also the growing nature of the threat. Omanoff explains that McAfee reviews about 100,000 potential malware samples per day; identifies more than 55,000 new, unique pieces of malware per day; and identifies about 2,000,000 new malicious web sites per month.
Omanoff’s comments remind me of a Marketwire story that ran last summer, which reported that according to a survey of U.S. IT and IT security professionals, the threat from cyber attacks today is nearing statistical certainty and businesses of every type and size are vulnerable to attacks. While the survey, conducted independently by Ponemon Institute and sponsored by Juniper Networks, found that 90 percent of businesses suffered cyber security breaches at least once during the past 12 months, what’s more alarming is that more than half of the respondents report that their companies have experienced multiple breaches during the past 12 months.
The financial consequences have, of course, been significant. Overall, respondents indicated that security breaches have cost their companies at least half a million dollars to address in terms of cash outlays, business disruption, revenue losses, internal labor, overhead, and other expenses. Furthermore, most respondents--59 percent--report that the most severe consequence of any breach was the theft of information assets, followed closely by business disruption.
One of the more interesting aspects to all this is just how the attacks take place. I was interested to see in Juniper’s study that according to survey participants, security breaches most often occur at off-site locations but the origin is not often known. Mobile devices and outsourcing to third parties or business partners seem to be putting organizations at the most risk for a security breach. In fact, 28 percent of the respondents say the breaches occurred remotely and 27 percent say it was at a third party or business partner location.
So, what can be done? Omanoff from McAfee says that to counter the threat, supply chain professionals charged with manufacturing and delivery processes must look beyond traditional supply chain threats such as tsunamis, demand volatility, or financial degradation, and take extra precautions to ensure that technology products in particular are safeguarded from viral attacks. He goes on to say that supply chain managers must be vigilant when it comes to resisting cyber crime and cyber terrorism, and remember that it takes a “preemptive” strategy to ensure against future violations.
Considering the proliferation of smartphones and laptops in the workplace, and companies allowing employees to use their personal devices for work, it certainly seems cybersecurity threats will likewise continue to grow. What do you think? Has your company—and its business partners and suppliers—addressed the threat?