☛ Want the latest procurement and supply chain news delivered straight to your inbox? Sign up for the Supply Management Daily
1 October 2013 | Gurjit Degun
Businesses are overlooking the threat of cyber attacks to their supply chain that may cause significant lost income and increased operating expenses.
That’s the warning from insurance broker and risk management firm Marsh. It explained such threats have affected more than half (52 per cent) of companies responding to the Business Continuity Institute’s Supply Chain Resilience 2012 report.
The latest Marsh Risk Management Research briefing also explained technology failures on supply chains could also damage a firm’s reputation.
“With effective planning inside a comprehensive risk management programme, businesses can better prepare for IT outages and minimise their impact on business operations, revenues, and reputations,” said Bob Parisi, network security and privacy practice leader for Marsh.
Marsh suggested the following steps to prepare for IT disruption:
●Determine the criticality of various IT systems to ongoing operations and whether alternatives are available or enhanced protection is possible.
●Develop and test business continuity and crisis management plans that specifically address IT outages.
●Evaluate claims preparation and management plans.
Marsh’s report comes in the same week that security researchers at Kaspersky Lab have exposed a new cyber-espionage campaign focusing on supply chain attacks in Japan and South Korea.
‘Icefog' is an advanced persistent threat (APT) that has been active since at least 2011. Known targets have included government institutions, military contractors, maritime and shipbuilding groups, telecom operators, industrial and high-tech companies and mass media, Kaspersky Lab said.
Costin Raiu, director of the global research and analysis team at Kaspersky Lab, said: “The ‘hit and run’ nature of the Icefog attacks demonstrate a new emerging trend: smaller hit-and-run gangs that go after information with surgical precision. The attack usually lasts for a few days or weeks and after obtaining what they were looking for, the attackers clean up and leave.”
Raiu predicted that such APT groups will grow, specialising in hit-and-run operations. “A kind of ‘cyber mercenary’ team for the modern world,” he explained.