On and Off Shore Hacking: Supply Chain Cyber Developments in 2019

Cyber incidents were ever more important for supply chain risk managers in 2019, in particular for companies with a global footprint.

Cyber incidents continue to pose an ever increasing menace to secure and efficient supply chains, with 263% more incidents recorded in 2019 than 2018, both in familiar supply chain risk categories such as ransomware, vulnerabilities and data breaches (including data theft, data crime etc.) as well as new ones, such as Advanced Persistent Threats (APTs). Of these, vulnerabilities, ransomware and APTs posed the principal threats of 2019, highlighted by incidents such as healthcare product vulnerabilities reported by US DHS, LockerGoga at Norsk Hydro, and Vietnamese and Chinese APTs targeting multinational manufacturers. The Norsk Hydro case provides a notable learning opportunity for globally operating companies in terms of disclosure and incident response as the ransomware impacted both corporate functions and production across several sites. The principal threats to supply chain cyber security in 2019 are all likely to worsen in severity in 2020 in light of aging operating systems, ransomware further approximating to productive facilities as well as increasing geopolitical competition. Companies with sophisticated supply chains should audit, increase visibility, and facilitate communication with supply chain risk managers and IT professionals to ensure the utmost in cyber defense for the sake of continuity and security.