CYBERATTACKS ON SUPPLY CHAINS ARE EMPHASIZING THE NEED TO DEVELOP CLOSER INTELLIGENCE SHARING RELATIONSHIPS WITH LAW ENFORCEMENT AGENCIES

Last year, Cybersecurity Ventures predicted that cybercrime would cost the world $6 trillion annually by 2021, up from $3 trillion in 2015. Cybercriminals continue to target global corporations at the heart of their operations, and particularly their supply chains.

In the latest Allianz Risk Barometer 2020, cyber incidents rank as the top business risk for companies globally and regionally in Asia Pacific for the first time ever, after receiving 35% of responses from more than 2,700 risk management experts in over 100 countries and territories – the largest number of respondents ever.

 

With the increase of attacks, resilience has become a key driver for any organization managing a complex global supply chain. The World Economic Forum reported that, in 2018, information loss and business disruption accounted for over 75% of total business losses from cybercrime.

 

TAPA’s Worldwide Council, a global forum of experts from the Americas, Asia Pacific and Europe, Middle East & Africa, is developing a Supply Chain Cyber Security Standard to address the issues arising, particularly with more companies embarking on their digitalization transformation journeys. 

 

Recently, the managing director of logistics giant Toll Group warned other CEOs they must expect to suffer the horror of a major cyber-attack, and called for greater collaboration between business, government and regulators to tackle this growing global threat. In his first interview since Toll was hit by a major ransomware attack known as Mailto on 31 January, Thomas Knudsen told The Australian Financial Review that the company had not yet found out where in the world the hackers had come from, but was almost through the final stages of bringing its more complex customer systems back online after five-and-a-half weeks.

 

A call for greater collaboration

Tony Lugg, Chairman of TAPA APAC, said: “Mr. Knudsen is right to call for greater collaboration amongst the industry and I applaud him for doing so. Cyberattacks of this nature are becoming all too common and impacting manufacturing plants, Tier One suppliers and logistics providers.” He went on to say: “TAPA will be working with more Law Enforcement Agencies across the APAC region and has appointed Steve Mullins as TAPA Board Steering Committee Lead for Regional Law Enforcement Liaison and Trade Compliance to build more collaboration within and across the Americas and EMEA regions too.”

 

In 2017 and 2018, according to Symantec, supply chain attacks rose 78%. “Cyber criminals have realised that the supply chain has many weaknesses and with the increase of digitalization and IoT, it is time for CEOs to make cyber security at least a quarterly boardroom agenda item,” Lugg said.

 

“The responsibility cannot be solely placed on the Chief Information Officer. Leaders in the supply chain need to ensure that their suppliers are also addressing cyberattacks and ensure it is documented in back-to-back contractual agreements,” he added. In 2019, Airbus responded after a number of their suppliers were attacked, with Bloomberg reporting that Airbus SE has now taken steps to shield itself from cyberattacks targeting the European aerospace and defense company through subcontractors’ computer systems.


Working closely with law enforcement agencies


“With increasing reliance on data, IT systems and digitalisation, companies face a growing number of cyber challenges, including larger and more expensive data breaches, an increase in espionage, hacker attacks, ransomware and spoofing incidents. Companies need to stay one step ahead of cybercriminals by anticipating possible technology loopholes and challenges,” Steve Mullins comments. 

 

Cyber security has more and more visibility throughout the industry, including through government organizations like the Customs Trade Partnership Against Terrorism (CTPAT) and as reflected in the changes to the Minimum Security Criteria. “TAPA will be working closely with Law Enforcement Agencies such as INTERPOL to share data on corporate cyber incidents reported by our members and to keep our members well-informed on the latest cyber threats,” Mullins went on to say.


A report by INTERPOL on cybercrime in Southeast Asia has already highlighted the key emerging cybercrime trends and threats which continue to be faced by the region today. In the fight against transnational cybersecurity breaches, TAPA’s focus will be to establish lines of communication with the INTERPOL Cybercrime Response Team to share real-time supply chain cybercrime incident data and to identify emerging cyber threats in a similar fashion to how TAPA shares cargo crime data from its IIS (Incident Information Service) global database with Law Enforcement Agencies for the prevention and detection of crime. Steve Mullins said: “TAPA APAC’s intention is to set up a single point of contact with these agencies to improve the exchange of crime data to help TAPA members.”


INTERPOL’s ‘ASEAN Cyberthreat Assessment 2020’ provides an in-depth analysis of the cybercrime trends and threats confronting the Association of Southeast Asian Nations (ASEAN) countries, and provides strategies for tackling them.

 

Evolving cyber threats with digitalisation   

 

TAPA members not already doing so should take additional preventive measures to tighten supply chain security against cyber threats, including:

 

· Conduct supply chain risk assessment to identify new and emerging cyber threats
· Upgrade security monitoring and measuring systems to higher standards
· Maintain secure back-ups for digital assets
· Share cyber threat intelligence among industry partners and report incidents in IIS
· Leverage TAPA training courses to provide regular staff training for security and anti-phishing awareness
· Purchase insurance cover which factors in cyber risks affecting the supply chain

 

Larger business interruptions from new causes

 

Despite dropping to second position in the Allianz report, business interruption remains one of the most significant risks given the trend for larger and more complex direct and indirect losses from traditional causes, such as natural catastrophes, and new causes, such as digital supply chains or civil unrest. The civil unrest in Hong Kong, for example, affected the region indirectly with multinational companies staying away and local employees unable to access their workplaces due to safety concerns.

 

This reflects the need for TAPA members to:

 

· Maintain logistical and digital assets to prevent unexpected downtime
· Enhance the security of assets by acquiring higher TAPA Standards
· Build up a redundant supplier base to reduce supplier risk and monitor credit scores
· Review your Business Continuity Plan (BCP) regularly for risks arising from new causes
· Create a disaster recovery plan that goes beyond the BCP
· Practice and activate your BCP so staff know how to enact contingencies

 

These top perils – cyber threats, business interruptions and climate change – have a critical impact on the operational performance, financial results and reputations of key stakeholders. Planning and managing for these risks in your supply chain structure is the key to business resilience in this age of digitalization. TAPA members may also go one step further and watch for emerging new technologies, such as artificial intelligence, smart objects and virtual reality, that may instantly transform the supply chain industry and render existing processes obsolete.

 

The UK's independent authority on cyber security, the National Cyber Security Centre, provides supply chain security guidance and proposes a series of 12 principles, designed to help you establish effective control and oversight of your supply chain. It offers a series of scenarios against which to measure the security of your supply chain. See their guidance at:

https://www.ncsc.gov.uk/collection/supply-chain-security/assessing-supply-chain-security

“The idea is to give you some concrete examples of good and bad supply chain security to help TAPA members and other organizations begin the process of understanding their own situation,” Steve Mullins says.

 

For more information on Cyber Security, please contact TAPA APAC at secretariat@tapa-apac.org