Understanding why UK digital supply chain cybersecurity is crucial
Enterprises in the UK especially were hit hard by the double whammy of changing processes in the wake of Brexit, and supply chain fluctuations as a byproduct of the pandemic. The turbulent climate caused many to rely on digital solutions to overcome business challenges that had been lurking for a long time — but now stood to benefit from accelerated digitalization.
Service providers have built applications to assess demand and supply requirements, and implemented automation to address rising costs and personnel shortages in this area. Brexit has led some enterprises to realign the core systems of their supply chains with the aid of digital provider partners.
Service providers have pivoted quickly to prevent physical supply chain headaches with digital solutions such as blockchain tech for tracking and tracing goods; customer service platforms to provide better online customer experiences and direct-to-consumer strategies; alternative payment options including, increasingly, cryptocurrencies; and even hyperscale adoption of cloud and data storage services across sectors.
And as sustainability and decarbonization have become major focus areas across Europe, many enterprises in the UK are aiming for carbon neutrality and zero emissions by 2030, says leading UK researcher and consultancy ISG Digital Strategy and Solutions. Reliance on greener technologies and data-driven insights to better understand sustainability roadblocks will only shoot up in the coming years — but as that gets underway, looming cyber threats will become more apparent (and prevalent) in the digital supply chain than ever before.
According to Nathan Turajski, Senior Director at enterprise cloud data management specialists Informatica, the UK government is aware of these “security weaknesses and gaps”, and is already enacting legislation like the Product Security & Telecommunications Infrastructure Bill to counteract cyber risks.
TechHQ: Why has the awareness of cyber threats facing British businesses reached an all-time high over the last year-plus?
Nathan Turajski: In the run-up to the pandemic, businesses were relying more on sensitive data to support their digital transformation, with personal data fuelling everything from customer experience programs to detailed analytics.
The shift to remote work not only accelerated this trend, but also created serious data security issues. There was a huge increase in the flow of data to ‘untrusted environments’, such as home offices.
Homeworkers became an increased target almost overnight. Traditional phishing attempts, ransomware threats, as well as email and social media scams accelerated. While sophisticated technology companies and highly regulated industries, including financial services, insurance and healthcare, are typically more prepared, organizations that delayed their digital transformation suddenly found themselves blindsided. They had to manage a sudden, drastic transition to digital-first operations while contending with security threats. It’s no wonder we saw stories about ransomware and cybersecurity breaches almost daily in the first year of the pandemic.
THQ: What are the main cyber threats that have caught the attention of British/EU industry and enterprise?
NT: Cyber scams that target end-users are at an all-time high, which should come as no surprise. The weakest point in any system is human inexperience and error. The average employee operating on untrusted networks and unsecured devices represents the path of least resistance for scammers, where they can operationalize ransomware attacks that compromise valuable business data by gaining access to sensitive data within corporate networks.
Less adept organizations are still grappling with how to safely manage and share sensitive data with end-users. Often workers lack basic cybersecurity and data governance literacy, and unfortunately, are simply negligent when handling data outside of a traditional enterprise network.
THQ: How is the encroaching cyber threat landscape a hazard to secure supply chains in the region?
NT: The pandemic has created the perfect storm. Businesses are more reliant on supply chain partners than ever, while simultaneously having less visibility over them and having to rely upon a diversified supply chain ecosystem that naturally increases risk of cyber threats. Underpinning all of this is a complex data flow, where any change – such as working with a new third party, where traditional governance controls must be adapted for the new operating environment – brings a degree of increased risk.
Any cyber threat to supply chains is amplified due to the potential for catastrophic outcomes for our ‘just in time’ interconnected systems. Look at how supply shortages in chips are impacting industries around the world, then magnify them tenfold. A ransomware attack that brings a single country’s ports offline could bring entire industries to a standstill, instantly.
Today, hackers are able to exploit systems that were once fairly reliable. Supply chain controls that detect abuses and extend visibility for threat insights must be adapted, while new risk assessments must be completed and new policies put in place to avoid data leakage.
THQ: How can data and, specifically, analysis of data help ascertain the security readiness of the digital supply chain in the UK?
NT: Understanding digital supply chain security readiness starts with a risk assessment. Fortunately, existing data governance tools can be used for the UK’s digital supply chains. Data governance has been adapting from on-premises to cloud and to distributed environments for some time, so it’s not a huge leap to extend visibility when adopting new cloud-hosted business models.
Data discovery and lineage insights are a critical first step to understanding what sensitive data is at risk in the supply chain. This visibility can support risk assessment tools to measure exposure and, ideally, be tied to automated data protection based on high-priority threats. For example, a business could obscure specific data during order fulfillment when records are provided to a third party, ensuring no unnecessary personal or other sensitive data is exposed during transmission.
THQ: What are the changes in the UK Government’s proposed plans that are enhancements over the past cybersecurity rulings?
NT: There are new laws being proposed in the UK that seek to address security weaknesses and gaps, primarily via the Product Security & Telecommunications Infrastructure Bill. This legislation would establish baseline security in connected devices, even going so far as to ban universal default passwords.
Newer cyber security proposals, such as the National Cyber Security Centre’s Cyber Assessment Framework (CAF), are another important initiative to help shore up gaps in the current cybersecurity landscape. The first step to understanding new threats is assessment, and the CAF is a tool to systematically evaluate cyber threat mitigation readiness and resiliency.
In its efforts to raise the bar on security through meaningful legislation, the UK is arguably in a leading position to help protect its economy from the impact of cyberattacks.
THQ: Do you feel that the new plans will have enough security positives for both UK businesses and digital supply chain fulfillment partners?
NT: Data security and personal data privacy proponents live by simple truths, one being that security risk management is a journey rather than a destination. We don’t know if risk can ever be fully eliminated, but we can take measures to reduce our exposure to attacks and avoid being exploited – or at the very least, lessen its impact.
Any effort that raises awareness to protect what we value most, establishes new standards, and starts a conversation on how to improve the new status quo can only help us stay one step ahead of attackers and negligent parties.
17 March 2023