Supply chain managers missing 'blindspots'

10 February 2020

Supply chain managers are not doing enough to address a variety of ‘blindspots’ that can make them more susceptible to cyber attacks, according to a report.

MIT Sloan Management School’s Supply Chain 2020 Special Report said firms are particularly bad at taking account of the security of third parties or other supply chains and how they could impact their cyber defences.

Stuart Madnick, professor of information technologies at MIT Sloan, said: “Contractors will come to your plant, and they may have their own laptops that they plug in to do diagnostic work. But you don’t know what else they’re bringing in when they plug into your network.”

The report – which revealed supply chain attacks rose by 150% between 2016 and 2017 – highlighted how Ukraine saw shipping giant AP Møller-Maersk, temporarily ground to a halt after working with a supplier that had itself been compromised. 

Thousands of company computers went down because Linkos Group, a supplier that provided its accounting software, had been infected by ransomware which hijacked its update servers and used it as a way in to their client’s networks. The event had further knock-on effects in wider its supply chain as customer’s shipments were delayed.

Other organisations suffered similar attacks, including retail chain Target, where hackers gained access through a contractor that performed ventilation work, stealing customers’ personal data.

Other problems occurred when a company acquired another, or when two firms merged. Madnick said: “A company might feel relatively good about security, but the question is, how good is the security in that company?” 

The report also looked at the adoption of blockchain, concluding that while the technology is commonly spoken about with regard to finance, in reality supply chain was proving to be its “killer app”.

 Want to stay up to date with the news? Sign up to our daily bulletin.

East London
East London Waste Authority
Natural England
CIPS Knowledge
Find out more with CIPS Knowledge:
  • best practice insights
  • guidance
  • tools and templates