Misery loves company and pandemics are no exception. Since the beginning of the COVID-19 chaos, global organizations have been reporting an increase in cyberattacks against their supply chains. Other reports predicted that supply chain security for 2020 was already going to be a weak spot. Recent security breaches, such as Ripple20, magnify the challenging circumstances companies can face should their organizations lack security in their supply chain infrastructure.
How should companies prepare for supply chain cyberattacks during COVID-19, for example, a breach at one of their suppliers, and for the financial repercussions they would face? To answer these questions and others, Design News spoke with Gonda Lamberink, Global Senior Business Development Manager at UL. The company provides an assessment tool that helps manufacturers and integrators obtain a holistic view of their suppliers’ security postures through a fair and consistent evaluation method.
DN: What are some of the difficulties in restarting a business with the easing of COVID-19 restrictions?
Lamberink: Due to the pandemic, UL perceives more of a shift, rather than new cybersecurity issues, including within supply chains. These cybersecurity issues are related to certain types of attacks with a larger number of people working from home and evolving supply chain sourcing strategies.
DN: What are the implications for professionals working from home?
Lamberink: A large number of organizations have told vast percentages of their employees to work from home for a certain period of time. With working from home policies, organizations are facing a larger attack surface as essentially each employee is now connected to a different network, rather than an organization’s own IT infrastructure. Similarly, any contractors or vendors are required to work remotely. Moreover, organizations are leveraging additional apps and services to facilitate remote communication and collaboration. There are options like VPN (virtual private network) solutions to enable the workforce and any external parties to connect to the organization’s IT infrastructure and offer basic VPN protection. But it’s not guaranteed that employees, contractors, or vendors use such solutions all the time.
Ever since people have been working from home, more of the day-to-day business is taking place through email and online messaging. Because of these developments, we see an uptake in phishing and malware attacks, aimed at exploiting employees and anyone else accessing organizations’ IT infrastructure, as they are active on potentially less-secure home networks. A risk with the workforce returning onsite following the lifting of COVID-19 measures is that they may be bringing compromised devices into trusted IT environments. UL recommends tightened cybersecurity policies to address these “WFH (Work from Home)/BYOD (Bring Your Own Device)” risks.
DN: And what are the implications for the supply chain?
Lamberink: COVID-19 has made clear how dependent and vulnerable supply chains are with regard to the availability of partner and supplier organizations. Due to COVID-19, supply chain disruption has meant that organizations have either limited or no access to certain suppliers anymore, have to find new suppliers and vet them, or move supply chain operations to other regions. At the same time, the world is witnessing an uptake in cyberattacks aimed to further disrupt operations, organizations, and supply chains as a whole. Manufacturers need to be able to identify and move quickly to address even small security risks in their supply chains before they become much bigger. Enhanced supply chain collaboration and due diligence are required to ensure cybersecurity.
DN: How has COVID-19 affected innovation?
Lamberink: Supply chains are also rapidly innovating as part of Industry 4.0, with advanced and additive manufacturing trends, including 3D printing, advanced robotics, Internet of Things (IoT), artificial intelligence, and big data. When transforming from a physical business, the mindset has to be digital-first. With the digital footprint increasing, the attack surface for hackers is growing exponentially. Due to overall reduced demand and supply chain disruptions, manufacturing has taken a hit. However, once the dust settles, manufacturers will find it imperative to continue to innovate. A lot of the current focus is placed on identifying future solutions and roadmaps for after COVID-19, including revisiting sourcing strategies and seeking access to alternate suppliers.
DN: How should companies protect their supply chains?
Lamberink: From a supply chain perspective, UL recommends that organizations enhance their due diligence efforts and place more emphasis on cybersecurity. This cybersecurity due diligence should not only be for sourced hardware or software, but also for any professional services that involve individuals from outside of the organization that connect to the organization’s infrastructure, such as system integration and maintenance services. This will help make supply chains more agile and resilient and allow for continuous innovation to be done safely and securely, as reliance on connectivity, including 5G, cloud services, and data analytics, is ever increasing.
Security in the supply chain. (Image Source: UL/Bloomberg Research Study)
John Blyler is a Design News senior editor, covering the electronics and advanced manufacturing spaces. With a BS in Engineering Physics and an MS in Electrical Engineering, he has years of hardware-software-network systems experience as an editor and engineer within the advanced manufacturing, IoT and semiconductor industries. John has co-authored books related to system engineering and electronics for IEEE, Wiley, and Elsevier.