COVID-19 has changed the world. The global economy is crashing, some countries are in complete lockdown, people are wearing masks and other PPE when they step into the great outdoors. Most importantly, almost all organizations that are still operating during this time have had to shift to remote work. While many businesses today are technologically savvy and equipped for remote operations, an important question arises: How does this affect the landscape of Supply Chain Risks?
Have you paused to reflect on how they are managing these Supply Chain Risks? And I don’t mean emotionally. You might have suitable cybersecurity measures in place, but do your suppliers? Locking the door of your home is completely ineffective if there is someone outside willingly opening it.
Usually, manufacturers’ infrastructure consists of legacy components that they built without considering cybersecurity. Now that they suddenly need to be accessible remotely leaves a number of vulnerabilities available for bad actors to exploit. And, believe me, they will find a way to do so. To make matters worse, the transition has been abrupt when a change of this magnitude would typically require a timely project.
WFH Leaves Inevitable Entry Points for an Attack
This rapid shift creates unavoidable vulnerabilities for potential hardware attacks. Moreover, with a reduced workforce, the risk of these vulnerabilities going unnoticed and unaddressed is even higher. Additionally, because remote work is unfamiliar territory for some supply chain manufacturers, employees may not be well-informed about the associated risks. This, in turn, increases the risk as uneducated staff can be responsible for a quarter of all cyberattacks due to reckless actions.
Even before the effects of COVID-19, malicious actors frequently targeted an organization’s supply chain as they are often easier to infiltrate. Now that they are even less secure, the number of attacks (attempted or successful) will naturally increase. Connecting to the network (which has been built quickly, with infrequent oversight) remotely opens up a number of risks. Some of which can easily be prevented by implementing up to date anti-virus software, IDS and VPNs (Remote Working Security Risks).
Using “short cuts”
People tend to rush, which often leads them to seek “short cuts” and utilize equipment they wouldn’t typically consider. And through this process, some Rogue Devices might find their way into the Enterprises assets. However, supply chain manufacturers who find cybersecurity a novel topic will be ignorant to all of the various protection measures simply because they have not had to deploy them before.
So, what can be done? Importantly, advise leaders in your supply chain to invest in security software to reduce the likelihood of a successful Rogue Device attack. The security software will help an inexperienced team by providing them with 24/7 monitoring of the systems. Non-critical systems that do not need to be online should not be online as it only puts the organization at greater risk if they are.
Education and Awareness is Key
When it comes to cybersecurity, education and awareness is key. Thus, it is crucial to communicate with leaders of your supply chain. And for them to relay this information back to their staff – about the increased risks of remote work and how they can take action to reduce the potential of an attack taking place. This includes emphasizing hygiene. And no, not telling employees to wash their hands for two minutes after every time they touch something. They already know about this. COVID-19 is improving hygiene in other areas too; cyber hygiene – know which devices are being used and for what purpose. Who else is using that device? What sort of company data is being accessed when using that device?
Basic actions like understanding your asset inventory and its purposes will heighten employees’ awareness of potentially vulnerable devices. This can lead to steps being taken to mitigate such vulnerabilities, such as ensuring that all authentication features on the device are activated and that only one user accesses the device. Your four year old child wanting to play games on your laptop may cause a damaging cyberattack. By accidentally connecting a vulnerable device used by an attacker to gain off-site access or by opening a phishing email. Just say no. It’s worth the temper tantrum.
Mitigating Supply Chain Risks: Ensuring Cybersecurity
It’s equally crucial to emphasize to employees the significance of refraining from personal internet use while connected to the company’s system, especially in the context of Supply Chain Risks. An effective method of ensuring this is to enforce whitelisting practices. If this cannot be done, emphasize that websites such as Gmail, Facebook and Netflix should not be accessed when on the company’s network. Hopefully your staff would not be watching the latest season of their favorite show when on the clock, anyway.
COVID-19 has introduced numerous risks, but non-health-related ones often receive insufficient attention. We shouldn’t exacerbate an already alarming situation by adding an increased risk of a cyberattack. It’s not sufficient for organizations to have robust security measures in place. They must also ensure that their supply chain is equally fortified against Supply Chain Risks. In these times of sudden operational shifts by supply chain manufacturers into unfamiliar territories, it’s in the organization’s best interest to assist their suppliers in making this transition. Ensuring that comprehensive cybersecurity measures are integrated throughout the supply chain. As the saying goes, you are only as secure as your weakest link.