How to Prevent Cyber Attacks on Manufacturing Supply Chains

by
Claroty
October 20, 2023

Summary

With complex and integrated supply chains, bad cyber actors are increasingly going after smaller targets in a large company’s supply chain. Learn how to thwart these attacks across the value chain.

The rise in connectivity and subsequent reliance on digital systems has contributed to manufacturing industries becoming more desirable targets for cyber threat actors. Specifically, such actors have been increasingly exploiting the interconnected nature of modern manufacturing ecosystems by carrying out cyber attacks against the supply chain. Manufacturers rely heavily on a complex network of suppliers, vendors, partners, and service providers to obtain the resources needed for their operations. If this interconnected supply chain is targeted by cyber attacks, it can lead — and, in recent years, already has led — to a wide range of negative consequences.

What Are Supply Chain Cyber Attacks?

Supply chain cyber attacks refer to the exploitation of cybersecurity vulnerabilities within an organization’s supply chain network to steal sensitive data, gain unauthorized access, or, worse, disrupt operations. Supply chain cyber attacks can have rippling effects on the interconnected web of suppliers, vendors, contractors, and partners that an organization relies on to deliver goods and services.

Consequences of such attacks include delays in production processes, which can impact an organization's ability to meet customer demands and fulfill orders. This form of cyber attack can also cause manufacturers to face financial losses, reputational damage, or legal and regulatory consequences regarding data protection, cybersecurity, and privacy. In the worst case scenario, a cyber attack on the supply chain can lead to safety issues including tampering with product design or functionality, contaminated or substandard components, disruption to essential services such as power, water, transportation, and communication, or public safety threats in sectors such as defense or emergency services.

Cybersecurity threats to the supply chain should not be taken lightly, and unfortunately have wreaked havoc globally in recent years. Below, we will discuss some of the major examples of supply chain disruptions and how they have impacted society.

Examples of Cyber Attacks on Supply Chains

According to PwC’s 2020 Global CEO Study, the number of cyber attacks on manufacturers spiked by more than 300%, accounting for 22% of attacks across all sectors. This rise in manufacturing cyber attacks has been triggered by various factors including the normalization of remote and hybrid working environments, the prevalence of legacy devices and systems, and the escalating availability of ransomware-as-a-service offerings among cyber threat actors, to name a few. These factors have led to detrimental attacks on the manufacturing supply chain, including the following incidents:

JBS Foods Cyber Attack

The world's largest meat distributor, JBS Foods, was compromised by an "organized cybersecurity attack" which — via ransomware — affected their U.S. and Australian supply chain operations. The incident rippled through the meat industry, causing some plants to shut down, workers to be sent home, and livestock to be sent back to farmers after being transported for slaughter.

The JBS Foods ransomware attack highlighted how cyber threat actors are gaining access to the supply chain and emphasized the need for solutions, prevention strategies, and cyber awareness in this domain. Without the proper OT cybersecurity strategy in place, manufacturers will be more likely to suffer from supply chain attacks much like the high-profile incidents we have seen recently.

NotPetya Ransomware Attack

The NotPetya ransomware attack took place in 2017, and is still widely regarded as the most damaging cyber attack in history. Although this supply chain attack was intended to target Ukrainian organizations in an effort by Russian military intelligence to cripple Ukrainian critical infrastructure, the self-propagating nature of the ransomware it employed caused it to rapidly spread far beyond such targets.

Indeed, the large multinational firms impacted were numerous, including the shipping company Maersk, whose entire operations came to a halt, creating chaos at ports around the globe. Additionally, the pharmaceutical giant Merck was hit hard by the attack, halting manufacturing, research, and sales — leaving them unable to supply vaccines to the Centers for Disease Control and Prevention (CDC). Several other large corporations also had their servers go down and were therefore left unable to carry out essential services. The downstream disruptions to customers following the attack were also severe, and a conservative estimate implied a $7.3 billion total loss. The incident brought the magnitude of supply chain vulnerabilities to the forefront and highlighted the dire need for critical infrastructure cybersecurity sector-wide.

Claroty

Claroty is the industrial cybersecurity company. Trusted by the world's largest enterprises and endorsed by leading industrial automation vendors, we help our customers reveal, protect, and manage their OT, IoT, and IIoT assets.
