Fortifying supply chain security by tackling endpoint exposure

The number of supply chain cyberattacks in the US rose by 42% in Q1 2021
30 June 2021

The healthcare supply chain, with its sensitive, much-needed cargo including temperature-controlled vaccines was devastated by cyberattacks early on in the pandemic. (Photo by Tony Karumba / AFP)

Supply chain efficiencies were pushed to the brink during the height of the COVID-19 pandemic, and the security posture of many a supply chain experienced cracks on an unprecedented level.

Supply chain integrity was challenged by cybersecurity threats across a swath of industries – and this at a time when most businesses experienced supply chain disruptions in one form or another. Even critical healthcare services were not spared the security threat onslaught, with the HG Healthcare Cybersecurity report outlining how there have been 592 breaches of unsecured protected health information in the US. Out of that 592 reported breaches, 500 cyberattacks were carried out within the last two years alone.

The HG Healthcare report went on to state that nearly a quarter (24%) of healthcare workers had not received cybersecurity awareness training at the time of the study. The lack of cyber security preparation in such a critical sector, especially as the pandemic waned on, took a toll on its supply chain efficiencies to properly dispense vital health supplies to hospitals, medical centers, and other key organizations involved in the recovery efforts.

The majority of these breaches were likely ransomware attacks, which reared their heads on a vast scale over the past couple of years. But it was not just health services, industries on a broad scale experienced targeted attacks in their supply chains – and it is still ongoing. Research by CIPS indicated that the number of supply chain cyberattacks in the US rose by 42% in the first quarter of 2021.

Ransomware was not the only type of attack to expose security flaws in the supply chain, with the Federal Bureau of Investigation (FBI) publishing its Internet Crime report that illustrated how that phishing attacks – where a malicious party poses as a trustworthy or recognizable source to invade closed systems, often by email – are the number one complaint among business owners in the US, with associated losses totaling US$1.8bn in 2020.

The exposed nature of critical endpoints in the supply chain, such as employees using unsecured personal or even company devices that lack security features, highlights exactly why comprehensive endpoint protection is already vital for many organizations. The complexity of supply chain processes, coupled with the worrying risk landscape since the pandemic, means that endpoint security needs to be prioritized for devices within a workplace ecosystem, either through a connected network or via a cloud-based system.

Companies need to leverage solutions from vendors that can provide end-to-end protection throughout the organization and its infrastructure, managing risks across all links of the supply chain including manufacturing, production, distribution, operations, and maintenance.

By making endpoint security a crucial component of the firm’s risk management strategy, IT teams will have the peace of mind to shore up other exposed aspects of the supply chain, such as designing a cybersecurity framework that can cover things such as both legacy and modern operational equipment, narrowing the potential exposed points as much as possible.