Download the full 2018 annual report here
Cyber attacks continued to grow in intensity in 2018, with alarming new trends evident. First, government agencies are now being attacked more frequently. The March 2018 attack on computers and networks in Atlanta—a major national transportation hub—was the largest successful ransomware cyberattack on a U.S. city. In the private sector, aerospace, hi-tech, life sciences, metals, mining, and natural resources companies experienced cyberattacks in 2018. The medical device segment in particular was recognized as an industry in which cyber-attacks on manufacturers could pose threats to patients. After cybersecurity vulnerabilities were identified in the Internet connections used by Medtronic to update software in cardiac implantable electrophysiology devices (CIEDs), the company issued a voluntary recall in collaboration with Food and Drug Administration. Following this event, the Healthcare Sector Coordinating Council, a joint group on security issues between industry and government, published a joint security plan addressing the challenges faced by medical devices. Similarly, a computer virus attack at Taiwan Semiconductor Manufacturing Company (TSMC) was caused due to a failure in following proper operating procedures for virus scanning.
This resulted in halting production lines in three of their plant locations with losses estimating to $157million, making the attack the largest information security incident in Taiwanese history. Early in 2019, metals, mining, and natural resources companies including Saipem, Nyrstar, and Altran, experienced cyberattacks or significant threats, illustrating that criminals are likely targeting this industry in a focused way. An attack in cyberspace can immediately shut down a supply chain in the physical dimension. The increased attacks and threats reported in 2018 should serve as reminders to supply chain professional to become informed about their supplier’s cybersecurity measures, to define what cybersecurity standards they’ll require from suppliers, to collaborate with suppliers to close cyber-security gaps, and to continuously monitor cyber-attack events that could impact their supply chain.