“THE BEST OFFENSE IS A GOOD DEFENSE” APPLIED TO CYBERSECURITY IN THE SUPPLY CHAIN

Confronting and Thwarting Threats to the Digital Supply Chain Head-On

It’s easy to apply sports analogies to the emerging digital world that we live in, particularly in regard to cybersecurity. Hackers study all the play-books, looking for vulnerabilities and gaps in protection, trying to intercept data and run it back to score “points on the board”. Our account information, passwords, preferences, and more are all encrypted, but every day our “opponents” are “running drills” on how to get through that defensive line, as evidenced by all the data breaches we’ve all heard about, from Uber and Target to Amazon and E-Bay, and even JP Morgan, Yahoo, and so many more who all had “fail-safes” in place that, frankly, failed.

As critically important as personal cyber-protection is to us individually, it’s truly the companies that house, process, and remit our sensitive data that are at the highest risk, some enduring multiple attack attempts daily, as the average cost to an organization of a data breach, as reported in 2015, was $6.5 million, and can result in a large exodus of existing customers, as well as a barrier to entry for new prospective clients after the attack has occurred.

As our lives, business, and worlds all move online and are digitized, the flow of goods and services depends on the constant flow of information between networks and virtual entities, but supply chains have many moving pieces, and data is sent and received through a number of complex processes that often leave it vulnerable to hackers. Understanding how these breaches occur and staying ahead of the hackers’ tricks, is paramount to keeping our personal and professional data safe and inaccessible. The newest encryption software and securely compartmentalized data storage is a great way to address these threats before they occur. The quarterback with the best defensive line and coverage (especially when they have a good understanding of their opponent) will always be the favorite in Vegas.

According to a recent study on the impact of e-Commerce on Global Trade by AAEL / Benchmark, Cybersecurity is the predominant concern of industry professionals in leading e-Commerce and online financial institutions (4-to-1 over all others), and this correlates directly to the direct and indirect damage caused by a data breach. More data than ever changes hands, is exchanged cross-platform, and leaves a footprint that can be picked up and exploited by cyber-criminals worldwide. The threats are real, and although solutions have been slow to adapt and respond to this need, we are finally seeing more ways to protect sensitive data for both individuals and international corporations alike. All the best solutions currently address the potential threat at inception and effectively secure the data before it’s ever exchanged. Blockchain is changing the way we exchange data by saving and cross-referencing all of it; these new and emerging cybersecurity solutions are doing almost the opposite – making individual bytes of data autonomous, unlinkable, and able to be “hidden” from the “challengers”. Removing the data before it can be harvested is an ultimate way to ensure that you and your organization aren’t susceptible to a data breach or cyber-attack.

The number of hacks traced through supply chains has been increasing recently – analysts claim that nearly 80% of breaches likely originated in the supply chain in 2017. The breach of Landry’s occurred by their credit-card processing system being hacked and the similar attack of Target’s payment network occurred by hackers stealing login credentials from a company that provided HVAC services to their corporate office. Some of the largest data breaches that have been in the news this year can actually be traced to the “security” software the companies were employing to keep their customers’ data safe. With programming languages seemingly changing daily, and integrations and ‘communication’ between so many platforms, written in so many varied codebases and with varying firewalls and other security measures, it’s actually surprising that data-breaches aren’t even more common. But the trend of digitization and conducting all manner of business online / digitally won’t slow down for anything, so the cybersecurity industry as a whole needs to stay ahead of the curve, and current across the board. The last decade has seen slow, but constant improvement in this respect and 2017 saw the most significant shift to protecting sensitive data at the root of the potential problems, and this is great news for us all.

Virtually every company has taken preventative measures against hacks and data-breaches to some degree or another, but the reality is that most are using outdated or patchworked products that leave gaps in their protection and leave much of their valuable data (some of which may be yours) vulnerable. Phishing and spoofing, malware, and extortion hacks are all ways that hackers attempt to hijack entire networks, and firewalls, strong password protection, and proper education are all effective strategies, but all must be supported by state-of-the-art encryption and erasure software that has been written in all/current languages, and that interact with the platforms used today. Again, “the best offense is a good defense”.

Defeating Hackers at their own Game

Attempts at theft and hacking should be presumed, but a holistic understanding of what and how they’re doing, coupled with a modern “first line of defense”, make it possible for us and our businesses to maintain a “competitive advantage” and a (much) better-than “fighting chance”. In conjunction with having the right skills and technology in place, companies should review their internal systems and procedures, and implement functions such as:

PROTECT YOUR “QB”:

Effective use of a security framework requires identifying vulnerabilities and threats via risk management strategies that understand the business context, and the available resources that support critical functions. Identifying cybersecurity risks is akin to protecting the quarterback, protecting against potentially vulnerable systems, assets, data, and capabilities.

PUT ON PROTECTIVE GEAR:

A potential cybersecurity event requires protection and safeguards of critical infrastructure services. Companies must practice access control, awareness and training, good data security, iron-clad information protection processes and procedures, and ongoing maintenance to ensure full protection against the opposition.

STICK TO THE PLAYS:

Cybersecurity tools must be understood, and protocols must be maintained, in order to discover any cybersecurity events as they happen and to make sure that the attack is not successful.

KEEP YOUR EYE ON THE BALL:

Monitor and respond to contain the impact of a potential cybersecurity event, so your supply chain and bottom line don’t suffer. The best teammates have great emergency and contingency plans, allowing companies to effectively communicate, analyze, and mitigate the damage.

PLAY IT SAFE:

Timely recovery is critical to resuming normal operations, reducing the impact of a cybersecurity event on your company. An emergency situation requires laying all your cards on the table to restore any capabilities or services that were impaired due to a cybersecurity event.

Having the right defensive line, as it relates to cyber-security, is imperative to business’ success – and is only as strong as the weakest link. Companies put a lot of trust in their partners and providers and need to do due diligence when choosing a provider or partner to work with. Some key areas to consider are:

• Consider all factors, including vendors’ and customers’ software suites, who has access to what data and how they access it, and ways to ensure that all master data is secured from inception

• Consider whether their offices and data centers are physically secure – conduct background checks and thorough training of new personnel, and minimize touch-points on all sensitive data

• Review and understand different programming languages, integrations, and API calls, and identify any “leaks” that may need to be repaired to prevent damaging breaches

• Review all their security controls and request certifications and test reports, and conduct audits when appropriate

While there are many factors to consider, questions to ask, and skills and technology to implement, supply chain security is every company’s responsibility. Threats are real and present legitimate danger both to operations and customer experience/loyalty. Companies must be constantly aware of the increasingly wide range of challenges that impact global supply chains and develop a comprehensive approach that includes the right skills, processes, and software technology to avoid serious harm to a company’s brand and reputation. There are finally new and emerging products that can help mitigate and prevent the risks that data-breaches and hackers present, and ways to ensure that you can truly lead your team to victory. The world is changing in real-time, and change often brings uncertainty and vulnerability – but fortunately, technology can be the best way to overcome problems that arise from technology. Stay vigilant, understand the changing landscape, and you can ensure that you have the right defense to continue winning in the game of big-data… on three… “break”!