Keeping the Chain in Check

The recent hacks and attacks on a collection of big-name UK retail institutions raised a lot of alarms. They were a costly demonstration of how even these commercial giants are vulnerable without the right cyber security measures in place.  

For everybody watching it was a stark reminder of how important their existing cyber security practices are. And it also provides the perfect opportunity to assess them before it’s too late. 

Behind the Headlines

It’s always interesting for IT Professionals when a cyber security event breaks through the news cycle to make headlines. 

But this is just the tip of the iceberg. Moving past these headlines to investigate the potential root causes, consequences and solutions is a big part of our proactive method to keep clients safe.   

All of which highlights a new and sharper focus on the importance of supply chain security. 

Protecting Your Organisation Means Securing Every Link

Consumers all, quite rightly, think of how their information and data may have been compromised in these situations. However, for the wholesale distribution and retail sector there are often so many moving parts to the supply chain before customers and clients are engaged, which makes bad actors and hacking groups identify them as lucrative targets. 

The logic here is simple. As supply chain logistics move so quickly, particularly within sectors such as food and other perishable goods, the urgency to keep operations flowing plays right into the hands of cybercriminals. If successful, they know the operational and reputational damage can be catastrophic, so their requests for ransom fees are given short and frightening deadlines with added impetus and danger. 

And the facts available support this overwhelmingly too with an astronomical 2600% rise in supply chain cyberattacks since 2018. 

Supply Chain Security & Solutions Explained

Implementing the greatest supply chain cyber security means understanding the components involved and how they can be exposed to vulnerabilities and attacks. This forms an important part of how digital tools can be a transformative influence on your overall supply chain efficiency and success. It allows you to visualise how big your attack surface actually is and identify the points that may be leaving your organisation exposed. Reports show that few organisations are taking this as seriously as they should with only 14% saying that they review risks from immediate suppliers and a tiny 7% looking at the wider supply chain. 

Working with a technology partner or your IT team in a regular, consistent and proactive way is vital to attend to this issue and it can be a challenging one to address. 

Let’s take a look at the elements you should be considering and how to approach them.

Vendor & Supplier Risk Management

Your vital business data and information moves constantly through a supply chain, outside of your immediate control. You must ensure that the security practices of every supplier are well vetted with regular risk assessment to their own third-party vendors and products. Defining your strict cyber security requirements and clauses in a contract is always advised with evidence of appropriate compliance and regulatory adherence as a non-negotiable aspect. 

Secure Data Handling

Always remember the Principle of Least Privilege. Every supplier, user, system or digital tool must only ever see or process the information and data that it needs to do its job, and nothing more. Using data encryption for sensitive information when it is in transit and at rest goes a long way to keeping it protected should it ever be compromised across the supply chain, too.  

Incident Detection & Response

As the recent attacks have shown, there is always the chance that a threat will be realised despite strong defences. This is where your incident response capability and strategy will become incredibly important. Implementing the right tools to monitor, log and track any suspicious activity creates a library of information for your organisation to continuously use, and informs the constant iteration of your defences.  

The plans for this should include any actions required from your vendors and suppliers in the supply chain. It’s also up to you to decide and define what their responsibilities are in terms of notifying you if they have been compromised. Clear and strong communication across all stakeholders is key. Our Managed Extended Detection and Response service can help you to monitor any threats before they occur so you can rest easy that you’re one step ahead.

Disaster Recovery

Getting back online and operational in the fastest and safest way possible is paramount. Preparing for the worst-case scenario means documenting a disaster recovery plan to make all this happen in a seamless way, with all responsibilities, action paths and personnel clearly stated. Running the plan through in regular tests and drills is the best way to ensure everybody knows their role and what tools to use. BCN’s Backup Services help to protect your operations. 

Awareness & Training

Your people are your greatest line of defence and your biggest potential weakness. The statistics have shown for a long time now that human error is responsible for 95% of successful cyber-attacks. This can either be through active mistakes such as clicking malicious emails or more passive errors with weak password management. 

Creating a culture of cyber security for your organisation, such as a cyber security pledge, is the only way to be satisfied that your people have all the support they need. Regular training, updates and workshops shared right across the organisation should provide the best foundation for this culture to be adopted. 

BCN’s Security Awareness Service provides regular simulated phishing campaigns and engaging training to your employees to create a cyber-aware culture, learn more here. 

Impact & Consequences

Operationally, the impact of a cyberattack in retail will inevitably mean long term disruption for stores and their online presence that can reach eye-watering losses for turnover. In terms of reputation, the consequences are more difficult to measure, however it is easy to see how customer behaviour and support could be influenced for a very long time.  

If customer data is also compromised there will be several wide reaching legal and regulatory investigations. The findings of these will be made public and any lack of security measures will be highlighted. This can present a long road back for customer trust and regulatory approval. 

Perhaps most importantly, these attacks can all still happen despite robust incident detection and response. 

This may be the biggest lesson to learn of all from recent events. 

Without the proper reaction capability and remedial processes, the effects will always be catastrophically worse. For every business watching, that should act as a prompt to make sure they are as ready as they can be to proactively prevent and realistically respond to any supply chain security vulnerability. 

Why Choose BCN as your Supply Chain Technology Partner?

At BCN we have decades of knowledge in the digital management of supply chains, with direct experience for in cyber security for wholesale distribution, and manufacturing industries.

Our clients understand that their success is what drives us in every solution we create, maintain and manage. We can only achieve this through a dedicated approach that places people at the centre of every project we undertake, with the most comprehensive understanding of how technology and digital tools will help them. 

What’s your Security Score?

The BCN cyber security is available to help you navigate security in the very best way.  Our free initial assessment will give you a cyber secure score that details how exposed and vulnerable your organisation may be. We can then begin to discuss possible solutions and assist with the preparation of a robust Incident Response Plan to address any gaps for the interim period. 

It makes sense to act now, and we are always ready to help and happy to talk.