January 4, 2024
Casinos, Clorox, and the King of England. Apparently no one is safe from the escalating tide of cyberattacks. And a threat can come through one of your suppliers.
Akhilesh Agarwal, COO & EVP, Global Procure to Pay Solutions & Applied Technology
Pro-Russia hackers claimed responsibility for crashing the British Royal family’s website in early October. MGM lost an estimated $100 million in damages due to a cyberattack in September. A cyber group backed by Iran said it took partial control of a water treatment plant in Pennsylvania at the end of November. Capital Health became the latest healthcare organization in the U.S. to fall victim to a ransomware attack. And Clorox shares fell more than 5%, hitting a 52-week low, following an August cyberattack.
How the Supply Chain Causes Vulnerability, Loss of Value and Loss of Customer Trust
“Even when an organization has layers of protection against cyber risk in place, creative criminals can enter through the back door – through the supply chain,” says Ross Garrigan of Darkbeam, provider of supply chain cyber risk defense solutions. “In fact, cyber incidents cause 50% of all supply chain disruption.” And supply chain disruptions brought on by cyber attacks have consequences:
- 307 days – data breaches originating in the supply chain take 233 days to identify and another 74 to contain
- $4.45M – the global average cost of data breaches in 2022
- 26X – multi-party data breaches create 26 times the financial damage of a single-party breach
So what’s a healthcare system, manufacturer, hotel, water system or royal family to do? A three-part automated approach is the best defense against a ransomware attack, business email compromise (BEC) scam, data breach or other innovative cyber crime.
- Score Suppliers for Threat Risk – Continuously monitor suppliers’ cyber risk aligned to the MITRE ATT&CK framework.
  - MITRE ATT&CK framework: A globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, in government and in the cybersecurity product and service community.
- Get cyber-secure – Uncover weak points within a company’s digital security systems that could impact your supplier ecosystem.
- Get cyber-savvy – Get ahead of cyber incidents with real-time updates on active data breaches affecting your suppliers.
“If you have an automated system of threat intelligence, you’ll identify breaches 28 days faster than without it,” says Garrigan. [2]
[1] May 2023, Harvard Business Review article: The Devastating Business Impacts of a Cyber Breach
[2] IBM’s Cost of a Data Breach Report 2023
Use the AAMR Model To Slam the Back Door on Supply Chain Cyber Risk Vulnerability
What does a proactive cyber crime defense model look like? The key elements are automation, continuous monitoring, detail that can be shared to mutually resolve issues with suppliers, and a scoring methodology that is updated as a supplier’s exposure to risk changes.
It’s an old adage, but a prophetic statement by Benjamin Franklin: “An ounce of prevention is worth a pound of cure.” As the creativity of cyber criminals increases, and they continue to exploit the supplier avenue to steal millions, if not billions, from businesses, automated defense is a necessity. Supplier questionnaires simply cannot keep up with the changes in the cyber crime environment.
To truly be prepared, companies have to outthink the cyber criminals who spend all day, every day, coming up with a new way to steal the profits, destroy the reputations, hobble the operations, and reduce the market value of their victims.