Supply chain cybersecurity sometimes takes a back seat to other critical business activities. Then something hits the headlines, and electronics OEMs are reminded that they are a juicy target for cybercriminals. These criminals are really good at what they do, and they are getting better.
Just last month chip maker Microchip Technology found that it had been targeted in this way. The company told the SEC in a regulatory filing that “an unauthorized party disrupted the Company’s use of certain servers and some business operations.” The company had to lock down and isolate some of its systems and start an investigation to understand the scope, nature, and impact of the attack. Eventually, the company realized that the attack had impacted several of its factories and involved the theft of employee information by the Play ransomware gang.
This type of thing is disruptive. Further, it’s very possible that the company’s bottom line and its corporate brand will be impacted. Only time will tell. For the rest of us, it’s a timely reminder that cybercrime is real. We also need to get our partners thinking about it—because after all, we share information across systems. It’s a vulnerability.
Not only are electronic supply chains a good target, but these types of attacks are also becoming increasingly common. Roughly one-third (32 percent) of cybersecurity attacks last year involved ransomware, according to the 2024 Verizon Data Breach Investigations Report. Meanwhile, market research firm Gartner recently identified cyber extortion, where criminals execute ransomware attacks to extort funds from supply chain organizations, as one of its top trends for the supply chain this year. It’s something we need to be thinking about.
What all that says is that we have to be thinking differently. The question is no longer “What if we get attacked?” We have to assume that cyber-attacks will occur, work to make ourselves a less easy target, and have processes in place to react quickly and assertively when something happens.
Cybersecurity can be a hard topic to get our arms around. However, common sense goes a long way to increasing safety. There are three things to think about:
- Be smart and stay alert. People are often the weak link in the security system. They click on a link they shouldn’t. They share their passwords—and write them on sticky notes or use the same one all the time. In our organization, we try to keep awareness high. We let people know when something “phishy” has been going on. And we periodically train people on the latest scams and approaches. Whenever possible, we try not to learn things the hard way.
- Work across departments and the partner network. Supply chain technology leaders should collaborate with IT leadership to confirm ransomware attack scenarios are included in the corporate risk management processes and develop a detailed ransomware incident response playbook, Gartner suggested in its report. Further, audit security practices of critical partners. By identifying the staff, contractors, vendors, and suppliers with system access, you can start managing the potential risk.
- Listen to the experts. The good news is that none of us have to do any of this alone. Best practices exist and are a great place to start the planning process. For example, the National Institute of Standards and Technology (NIST) has created a set of supply chain security best practices.
We need to stay on our toes and keep cybersecurity top of mind. By continued awareness and transparency within the organization, we can cut down on risks. Most importantly, we need to trust our guts—if something seems funny, there may be something going on. It never hurts to be careful. Finally, in terms of partners, integrity and trust are paramount. There’s no sense trying to hide trouble. In the long run, it makes things worse.
The post Cybersecurity: Remember, We Are All Connected appeared first on EPS News.