What’s at stake when your supply chain is unprepared for a cyber attack?
$4.45 million—that’s the average cost of a data breach across the globe in 2023. In the United States, that number is even higher at a staggering $9.48 million! If you don’t have ways to prevent cyber attacks in your supply chain, that’s a lot to leave up to chance.
Adding to the urgency, global cyber attacks are on the rise, increasing 38% in 2022 compared to 2021. From January to September 2023, Resilinc’s supply chain monitoring system, EventWatchAI, detected 504 potentially disruptive cyber attacks globally across all industries Resilinc tracks. Of those alerts, over 50% triggered a WarRoom—meaning these events had a high potential to disrupt the supply chain.
Now, it is more important than ever to put procedures in place to defend against cyber attacks and data breaches. This is especially true for companies in healthcare, life sciences, high-tech, SaaS, and general manufacturing—the top 5 industries impacted by cyber attacks in 2023, according to Resilinc data. In this blog, we look at 10 strategies to prevent cyber attacks across your supply chain.
(Hint: It’s not just about your business. Your suppliers need to be prepared too!)
#1 Assess Supplier Vulnerability
Small and medium-sized businesses (SMBs) are prime targets for cyber attacks. In 2021, 61% of SMBs were the target of a cyber attack—meaning your smaller, lower-tier suppliers have a higher cybersecurity risk.
Before an incident occurs, assess all your suppliers’ cybersecurity capabilities and certifications annually. Resilinc’s Supplier Cybersecurity Assessment makes this process easy. This extensive evaluation collects information on your suppliers’ data security, privacy, infrastructure, processes, and threat-monitoring capabilities to help you diagnose gaps in your supply chain’s cybersecurity defense.
#2 Do a Gap Analysis of Robust Suppliers vs. Vulnerable Suppliers
After you assess your suppliers, compare the results. Which suppliers have robust cybersecurity measures in place? Which suppliers are more vulnerable? From there, you can remediate high-risk areas and develop joint plans to close gaps—ensuring robust and best-in-class security capabilities are in place. If you use Resilinc’s Supplier Cybersecurity Assessment, we will run analytics to highlight potential problem areas, calculate scores, and anticipate trends to save your team valuable time and resources.
#3 Build a Business Continuity Plan
Do you have a game plan for when a cyber attack occurs? A Business Continuity Plan (BCP) can help ensure your team acts quickly and cohesively when a breach happens—to minimize damages and recover faster. This is true for your suppliers as well. Resilinc analyzed over 35,000 supplier sites and found that 27% of sites had no BCP procedures!
#4 Avoid Communicating Over Insecure Channels Such as Email
According to KnowBe4, the world’s largest platform for security awareness training, 91% of cyber attacks begin with a spear phishing email. This type of email uses information about the target to make it appear more personal. While email is easy, it’s not always the best choice for sharing confidential and sensitive data with suppliers.
#5 Do Not Store Important Data on Individual Devices
Security breaches at companies and their suppliers can and do happen, frequently compromising IT systems such as desktops, laptops, and smartphones. Rather than storing sensitive data on those devices, invest in SaaS solutions that securely store sensitive data that companies and their suppliers can access online without needing to download it to their IT systems.
#6 Track and Incentivize Progress
As you introduce new requirements for cybersecurity to your contracts, make sure to track your suppliers’ progress. Are they following the steps required to become compliant? While traditional incentives around increased business work well, other incentives are worth considering as well. Suppliers can be given awards, preferred status, and referrals that help them win additional business.
#7 Maintain Current Information About Software
Because many cybersecurity incidents originate from software bugs in various software systems, have your suppliers provide a list of the software they use along with version numbers. For software suppliers, collect a list of the open source and proprietary components, with their versions, that were used to build the software you license from them. Then, implement a data refresh as part of your standard process. We suggest a cadence of every six months.
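As an added example (not Resilinc’s tooling or any supplier’s data), the following Python check applies the six-month refresh cadence to a supplier software inventory: it flags records with no version number and records that have not been re-verified within the cadence, so the stale suppliers can be chased for a refresh. The record fields, supplier names, software names, and dates are all constructed for illustration.

```python
"""Supplier software inventory freshness check (illustrative, constructed data)."""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import List, Optional

# Roughly six months, the refresh cadence suggested in the post.
REFRESH_CADENCE = timedelta(days=183)


@dataclass(frozen=True)
class InventoryRecord:
    supplier: str
    software: str
    version: Optional[str]   # version string as reported by the supplier
    last_verified: date      # date the supplier last confirmed this entry


@dataclass(frozen=True)
class Finding:
    supplier: str
    software: str
    issue: str               # "missing_version" or "stale"


def check_inventory(records: List[InventoryRecord], today: date) -> List[Finding]:
    """Return one finding per problem: an empty version, or an entry older than the cadence."""
    findings = []
    for r in records:
        if not r.version or not r.version.strip():
            findings.append(Finding(r.supplier, r.software, "missing_version"))
        if today - r.last_verified > REFRESH_CADENCE:
            findings.append(Finding(r.supplier, r.software, "stale"))
    return findings


def suppliers_needing_refresh(records: List[InventoryRecord], today: date) -> List[str]:
    """Suppliers with at least one entry past the cadence, sorted for a stable report."""
    return sorted({f.supplier for f in check_inventory(records, today) if f.issue == "stale"})


# Constructed sample inventory; supplier names, versions and dates are made up.
SAMPLE = [
    InventoryRecord("Acme Components", "OpenSSL", "3.0.12", date(2023, 9, 1)),
    InventoryRecord("Acme Components", "log4j-core", "", date(2023, 9, 1)),
    InventoryRecord("Beta Plastics", "Apache HTTP Server", "2.4.57", date(2023, 1, 15)),
]

if __name__ == "__main__":
    for f in check_inventory(SAMPLE, date(2023, 10, 1)):
        print(f"{f.supplier}: {f.software} -> {f.issue}")
```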
#8 Prioritize Quality Third-Party Risk Management
Cybersecurity is very much a specialized field. Therefore, it is important to have third-party experts conduct audits. Companies may outsource IT and security administration to managed service providers (MSPs) to save money. However, many third-party providers are new or startup companies that may not have the best protection. According to the NTT Security Holdings’ 2022 Global Threat Intelligence Report, third-party suppliers have been increasingly targeted by cybercriminals. Do your due diligence to ensure your third-party management is sufficient to protect against cyber risk.
#9 Address IT Staffing Shortages
Is your team properly staffed to handle a cyber attack? The cybersecurity industry has been increasingly impacted by labor shortages in IT fields due to aging populations, the lack of STEM degrees, security fatigue, and more. On average, a security team is responsible for nearly 400,000 assets and attributes and over 830,000 potential security risks.
Having an incomplete cybersecurity team can leave your company more vulnerable to attacks, breaches, and leaked information. To address these shortages, consider recruiting overseas or working with universities through internship or mentorship programs. You can also offer additional training to employees to help develop and create talent.
#10 Invest in Cybersecurity Insurance
Cybersecurity insurance can be expensive. To negotiate more favorable terms with insurance underwriters, provide as many details as possible about your suppliers’ supply chain cybersecurity processes and practices. You can use Resilinc’s Supplier Cybersecurity Assessment to help with this process. If you already have insurance, review your policy to ensure it adequately covers cyber incidents and the supply chain disruptions that result from them.
Don’t Wait Until a Cyber Attack Occurs—Start Preparing Now
Because cybersecurity disruptions can have a severe impact on your company’s finances and brand, it is crucial to start addressing supplier cybersecurity risks as soon as possible. It is not enough to react after an incident has occurred—when the damage has already been done. The first step is to assess your suppliers and find out where your vulnerabilities are. After that, you can begin implementing cybersecurity practices and push vulnerable suppliers to improve their processes.
Prevent cyber attacks in your supply chain today. To learn more about implementing cybersecurity measures across your supply chain, download our report: Spotlight on Cybersecurity.
If you’re ready to get started, reach out to discuss how Resilinc can help elevate your supply chain risk and resiliency program against cyber attacks. Request a demo today.