While technology brings incredible enhancements to supply chain management, it also creates more vulnerabilities for an enterprise. These threat vectors leave a company exposed to significant disruption in business operations, which can result in long-term ramifications for the organization and its entire supply chain. Furthermore, the interconnection of systems and data across supply chain partners can lead to privacy breaches and identity theft through the exposure of company and customer data.
Although many small and mid-market firms believe they are immune to these threats due to their size and footprint, “SMBs were victims in the majority of cyberattacks the FBI’s Internet Crime Complaint Center (IC3) investigated in 2021, which in total led to $6.9 billion USD in losses,” according to an analysis by CrowdStrike.
Cybersecurity in the mid-market supply chain in 2023
The rate of global cyberattacks continues to rise, increasing 38% in 2022 compared to 2021, according to Check Point Research. In a separate report, IBM notes that supply chain attacks caused 19% of all cybersecurity incidents in 2022.
Ransomware, a form of malware designed to encrypt files on a device, rendering those files and the systems that rely on them unusable, is now a business-critical issue for companies. Malicious actors demand ransom in exchange for decryption, threatening an enterprise’s ability to serve customers, to pay vendors, to maintain access to current and historical records and data and, in the most extreme cases, to continue business operations.
According to IBM, the average cost of a ransomware attack is $4.54 million, while the average data breach cost is $9.44 million in the US. While the direct, measurable costs of a cyberattack are concerning, the long-term impact to an organization and its relationship with customers and vendors creates additional challenges. In the case of one major freight forwarder, unraveling the effects of a cyberattack resulted in halted operations for at least 3 weeks, $47 million in extra charges from container depots and terminals, and an additional $18 million on technology products and services for restoring operations and covering claims. One customer in particular, iRobot, is currently suing this vendor for $2.1 million in damages to their supply chain as a result of the impacts from this attack.
Hackers attacking the mid-market supply chain provider
One typically thinks of larger organizations like this as targets for cyberattacks, but small and mid-sized victims are actually a preferred target due to their limited resources for constant protection and their connection to larger supply chains. According to a report from Huntress Labs, Inc, nearly a quarter of mid-sized companies reported being victims of cyberattacks or were uncertain if they had a cyber breach during the past 12 months.
Mid-sized companies are getting hit by cyberattacks as frequently as their larger enterprise counterparts. However, unlike large enterprises, these smaller companies often lack the budgets, resources, and expertise to protect themselves. In addition, the cybersecurity industry often prioritizes large enterprise needs, leaving a shortage of cybersecurity resources geared toward the mid-market.
A 2022 study by Coronet found that phishing and malware attacks were the predominant attack types among mid-sized businesses before the pandemic. However, due to the digital transformation that mid-sized companies underwent over the last two years, a broader range of cyber-assaults has since emerged, with bot attacks increasing by 238%, Wi-Fi phishing by 203%, malware in cloud applications by 180%, malware via email by 154%, malware delivered via endpoints by 156%, and insider threats by 132%.
How can the mid-market supply chain partner protect itself?
Cybersecurity should be an integral part of any supply chain’s risk management strategy and should include support from both stakeholders and partners in order to develop a robust cybersecurity platform for all. Having cyber insurance isn’t enough. Organizations must have a well-designed program that considers business continuity, incident response, and disaster recovery, which must be thoroughly tested and updated regularly to prevent unexpected issues when enacting one of these plans.
Conduct regular training
Unsurprisingly, both the Coronet and Huntress Labs reports suggest that mid-sized businesses need to focus more on cybersecurity activities such as regular formal security training. Even though 60% of mid-sized organizations said they regularly conduct cybersecurity training, only 9% of employees adhere to security best practices, according to Huntress Labs. This suggestion is supported by the 2022 Verizon Data Breach Investigations Report (DBIR), which notes that 82% of breaches involve a human element such as stolen credentials, phishing, misuse, or simply an error. It is incumbent upon companies to provide ongoing educational programs to employees.
Institute a formal cybersecurity policy
Prepare a written policy which serves as a formal guide to all cybersecurity measures used in the company. This policy should include organization-wide password requirements, designated email security measures, an outline of how to handle sensitive data, rules around handling technology, a set of standards for social media and internet access and a plan on how to prepare for, and react to, a cyber incident. This should be supported by business continuity plans, incident response plans, and disaster recovery planning.
Secure your firewall
50% of employees say they do not believe their organization is prepared to repel a ransomware attack (PurpleSec 2021), which stresses the need for mid-market businesses to install a strong firewall. The firewall prevents unauthorized users from penetrating the company’s websites, email, and other sources of information that can be accessed through the web.
Implement multi-factor authentication (MFA) companywide
Use multi-factor authentication to add an extra layer of security to data. Even if a hacker gets a password, they would still have to pass a second or third factor of authentication, such as a security code, OTP, fingerprint, or voice recognition.
Restrict access to your network
A third-party contractor or temporary employee may have open access to a company’s data. It is important to restrict third-party access to a defined area and to deactivate that access when they finish the work.
Contact Hartman to develop a cybersecurity strategy to protect your supply chain business
The threat to cybersecurity in the supply chain industry is a growing concern that can have significant consequences for businesses of all sizes. However, mid-market supply chains are particularly vulnerable, making them prime targets for cybercriminals. At Hartman Executive Advisors, we understand the importance of protecting your business from cyber threats and offer tailored IT and cybersecurity strategies for mid-market supply chain businesses. Our team of experts can help you create a robust cybersecurity plan that meets your unique needs and keeps your business safe. Don’t wait until it’s too late. Contact us today for a free consultation and take the first step in protecting your business from cyberattacks.