This year has been one of the most – if not the most – disruptive years in history for the global supply chain and retail sectors. Due in large part to the Coronavirus disease (COVID-19) global pandemic, shopping shifted primarily online and many brick-and-mortar stores, both big and small, closed their doors.
As consumers adapted to the New Normal throughout the pandemic, cybercriminals shifted their focus to the industries that kept life moving for citizens trying to navigate this difficult time. Research indicates that retail and wholesale were the hardest hit industries by opportunistic attacks, experiencing 2.5 million-plus attacks between January and June of this year. The supply chain sector was the only one in which cyberattacks increased nearly every week during the first 100 days of COVID-19, with outages severely impacting the retail and e-commerce industries as well.
Threat actors know that organizations that focus on manufacturing, warehousing and transporting goods as part of the supply chain are under significant pressure to keep personal protective equipment (PPE), critical food and medical supplies on track to people across the globe. These actors are therefore targeting organizations that are more likely to pay up to keep operations active. Cybercriminals will always follow the money, and with this year’s unique holiday shopping season ramping up early, combined with a significant increase in COVID-19 cases, threat actors will not miss their opportunity for a big payout.
Let’s explore six ways the supply chain industry can remain secure during this season.
Securing the supply chain ahead of the shopping season
Knowing that an attack can sometimes halt operations for days and seriously impact the bottom line, businesses must take steps to secure themselves now and prevent downtime. Here are six recommendations for supply chain and retail businesses to improve their security posture heading into the busy holiday season.
1. Secure domains with DMARC. If a company’s domain is not protected with DMARC (Domain-based Message Authentication, Reporting, and Conformance), cybercriminals can spoof any email address using that domain name. This means that a threat actor can send out emails to employees or customers pretending to be a representative of the company and trick the recipient into clicking on a malicious link or opening a dangerous attachment. Not only does this put the recipient at risk, it also impacts brand safety because of the association with unsafe online activity.
2. Encourage proper cyber hygiene, such as strong password usage and software updates. For the past six years, the most frequently used password was “123456.” Not only are simple passwords easy for anyone to guess, they can also put businesses at significant risk of identity theft and attack methods such as brute force attacks, in which a threat actor tries to log in using as many common passwords as possible. Employees should also regularly update their devices when new versions become available; this will ensure security on their company-issued device. Strong, unique passwords and software updates are a simple way for every employee in a business to protect their company, as well as themselves, from a successful cyberattack. The basics of cybersecurity go a long way in protecting an organization.
3. Back up critical processes and data. Supply chain companies must take steps to back up their data and critical processes, like email, before an attack happens. With a robust backup plan in place, there will be less pressure on businesses to pay ransom in order to retrieve stolen information before it is lost or released. Companies that don’t already have one in place should look for programs that include continuity plans for all critical systems, so that officials know that if they lose a certain system, they can quickly pivot to a replacement. Downtime is not an option this holiday season: organizations must have a backup plan and an efficient way to restore data.
4. Consider cloud-based services. Oftentimes, IT professionals within a business are tasked with not only maintaining security, but also helping employees with any technology-related issues. These professionals are forced to specialize in many different areas of IT, but it is impossible to be perfect at all the solutions an organization uses. In fact, the average enterprise organization deploys 75 different security solutions, which is too many for one small IT team to maintain. Through outsourcing IT services to cloud providers, supply chain companies are able to save money and relieve themselves of the full responsibility of managing, maintaining and patching hardware and software updates.
5. Form a response plan. If an attack occurs, employees must know how to respond. By creating a threat response plan, company leadership will be prepared with clear next steps and will not be forced to act on the fly. Leadership should identify critical assets and outline appropriate steps to protect – or recover – those assets. Necessary personnel, both inside and outside the organization, should be identified and clear responsibilities established before a breach happens so that staff can act quickly and effectively if the time comes.
6. Heighten cybersecurity awareness. Nearly 90% of cyberattacks are caused by human error, which means they are preventable if a company provides cybersecurity awareness training to employees. If employees are more aware of the ways they can be targeted and educated on how to avoid similar situations, they will be less likely to accidentally cause harm. Effective awareness training programs should be entertaining and fun, distributed in short, five-minute sessions throughout the year. Some programs can even quiz employees with real-world phishing emails to better train them to spot a potential threat.
The supply chain is facing challenges that have never been seen before, and this year’s holiday season will put even more pressure on the industry. By taking the necessary steps to ensure the right safeguards are in place, companies can prevent cyberattacks before they happen. As a result, supply chain companies can ensure that both essential goods and holiday gifts get to the end consumer, uninterrupted.