In early March, the UK government warned in a press release that, while awareness of the threat of cyber attacks has increased, organisations must be doing to more prepare for and prevent against the potential impact of cyber attacks.
Countless high profile attacks in recent years have highlighted the fact that organisations of all types and sizes are susceptible to cyber crime. The creation of CSO (Chief Security Officers) and CISO (Chief Information Security Officers) executive roles, responsible for ensuring the physical and cyber security of leading organisations, is a telling sign of the times.
For organisations operating complex, global supply chains, cyber attacks join a list of existing threats and disruptions that they must contend with, such as political unrest, changing taxes and duties, shifting consumer expectations and the growing demand for sustainability.
In 2017, shipping conglomerate Maersk fell victim to what has since been labelled the most devastating cyber attack yet. The conglomerate was targeted with an exploitative ransomware called NotPetya which gained entry to its IT systems through outdated software patches in its accounting software. The malware spread throughout Maersk’s global network, effectively shutting down its operations at 76 ports. The estimated cost of the attack on the company’s operations was a staggering $200-300mn.
An ever-present threat
It’s not just the principal target of an attack that is affected. Countless businesses that rely on Maersk’s shipping services would have been impacted by the NotPetya attack. But for each of those businesses, the risk doesn’t just lie in the third party organisations they deal with. Their own assets could easily be targeted in cyber attacks, potentially wiping out critical supply lines.
There’s no doubting that supply chains are at risk, so what can businesses do to safeguard supply chain continuity in the face of a cyber-attack? To ensure resilience in the supply chain, businesses need to be able to prepare for the unknown.
By exploiting software vulnerabilities, NotPetya was able to circumvent antivirus software. The fact that a leading global shipping conglomerate’s security measures weren’t enough to stop such an attack highlights the severity of the threat to any other business. With cyber attacks becoming increasingly sophisticated, it’s difficult to envisage the point at which absolute protection can be guaranteed.
Based on the rate at which attacks seem to be taking place, predicting and preventing such attacks seems near impossible. In 2018, cybersecurity firm Malwarebytes warned that cyber attacks on businesses had surged by 55%. While there’s no escaping the threat of a cyber attack one day impacting the supply chain, whether through an attack on a business’ own assets or those of a supply chain partner, businesses need to be able to ask, and answer, difficult questions. What would the cost be if one of your facilities was taken out by a cyber-attack and you had to move production to another facility? How quickly could you restore service?
To benefit from reliable answers that will inform an effective strategy for dealing with such an attack, businesses need the ability to test ‘what-if’ scenarios. Technology that enables this will be key to contingency planning against potential cyber threats.
Preparing for the worst, even if the worst never happens
Fortunately, it’s not all doom and gloom. As existing forms of attack continue to wreak havoc and new forms of attack materialise and make new headlines, businesses can use technology to test the impact of different types of attack and their different outcomes, simulating different strategies to cope with the fallout.
Supply chain modelling technology that allows businesses to build digital models of their physical supply chains is readily available. With this technology, businesses can test ‘what-if’ scenarios and inform contingency planning through a process that is becoming commonly referred to as ‘digital twinning’.
By feeding data from the supply chain into the modelling software, businesses can build a digital model of their physical supply chain. Different scenarios such as moving production to different facilities can be tested in this safe, risk-free digital environment without impacting the physical supply chain. If one test scenario fails to provide the desired results, the model can be reset and new scenarios can be tested.
What to look for in supply chain software
There are other applications that this technology can be used for beyond contingency planning against potential cyber threats. The technology has also become an essential tool for testing supply chain scenarios that help businesses contend with other modern challenges such as increased sustainability or protecting the bottom line against trade wars and tariffs.
Organisations reap the greatest benefits by investing in supply chain design and decision making software that provides one single end-to-end supply chain data model and reference system. It should provide visualisation of your existing supply chain in its current state, complete with descriptive and diagnostic analytics. It should enable decision making in a risk-free digital environment with predictive and prescriptive analytics and feature custom built apps that allow those decisions to be put rapidly into action.
In the age of ransomware, weaponized email attachments and other malicious cyber threats, businesses operating complex supply chains must start thinking about when, rather than if, a cyber attack will impact them. To lessen that impact the best they can, businesses must invest in supply chain modelling technology that provides a risk-free testing environment for multiple scenarios, providing readiness and resilience in the face of escalating cyber threats.
Don Brenchley, Director of Industry Strategy, LLamasoft
Don is a retail supply chain and IT management professional with an exceptional range of commercial experience and highly respected by colleagues in the global supply chain community. His experience includes management roles with blue chip organisations including Procter and Gamble, J. Sainsbury and Safeway. This practical experience has been invaluable in later leadership roles with consulting and retail technology organisations.
He matches pragmatism with innovation and thought leadership to help scope world class capabilities in leading organisations. He is a champion of the collaborative supply chain and believes fervently that technology is part of the supply chain and not apart from it.