Mark Twain once remarked, “There are two certainties in life. Death and taxes.” Our modern age has added a third. Now, it should read “Death, taxes, and a hack.” In other words, it is now a certainty that at some point your organization will be hacked by cyber criminals.
Cybersecurity firms spend millions to reinforce the prevailing notion that breaches can be prevented with enough investment in security technology, but the reality is quite the opposite. In fact, a recent Gartner report, “Maverick* Research: You Will Be Hacked, So Embrace the Breach,” drew a definitive line in the sand by stating,
“Cybersecurity breaches are inevitable, but many security and risk management leaders still think they can prevent all hacks by throwing people and money at their defenses. Instead of striving so hard to prevent breaches, they should focus on resilience and embrace hacks as incidents to learn from.”
This guidance is especially pertinent when we observe recent events such as the Colonial Pipeline and JBS ransomware attacks. Not only did these cyber criminals extort millions of dollars from these organizations, they also created significant disruptions in the related supply chains.
No matter what your IT department tells you, this threat is not new, nor is it something that they can easily manage or that will go away on its own. In fact, we’ve been blissfully unaware of the size and speed of this threat, and the statistics are frightening. Consider just 5 of the facts from the article “81 Ransomware Statistics, Data, Trends and Facts for 2021” by data security company Varonis:
- 37% of respondents’ organizations were affected by ransomware attacks in the last year. (Sophos, 2021)
- 60% of survey respondents experienced revenue loss and 53% stated their brands were damaged as a result.
- The average ransom fee requested has increased from $5,000 in 2018 to around $200,000 in 2020. (National Security Institute, 2021)
- Experts estimate that a ransomware attack will occur every 11 seconds in 2021.
- The average downtime a company experiences after a ransomware attack is 21 days.
These points alone will make any CEO break out into a cold sweat…and there are 76 more in the article. While no guarantee can remove that fear, there are steps supply chain leaders can take to mitigate a potential disaster. In particular, the Gartner report advises companies to shift from a defensive position to one focused on building resilience.
To enable that shift in three steps, supply chains must protect, expand and evaluate:
- Protect your supply chain, and the data within, by using a platform that has been evaluated and proven to provide the greatest degree of protection possible. o9 has been recognized by cybersecurity leader BitSight as 1st in its peer group and positioned in the top one percentile across all companies in the supply chain planning space across hardware, application, and customer data. This was accomplished by stringent adherence to “security-by-design” principles, which entail:
  - All o9 employees, including new hires, undergo security compliance training.
  - The development team undergoes additional extensive security training to understand the intricacies of cyber security.
  - Code access is highly restricted to only relevant teams.
  - The security team performs a peer review before code can be checked in.
  - Automated tests help capture some of the basics even before check-in.
  Our commitment to security is reinforced further by policies and vulnerability assessment and penetration testing (VAPT). This continuous process ensures that o9 makes monthly progress to enhance its existing security posture.
- Expand on the partnership with a supply chain planning company with a deep commitment to security, to embark on a digital supply chain transformation journey that includes enabling real-time scenario planning. With this in place, your operations will not suffer weeks-long delays when a supplier or distributor falls victim to a ransomware attack. Instead, you will be able to find alternative workflows to continue your progress and deliver your goods on time, meet your SLAs, and ensure customer satisfaction.
- Evaluate your existing supply chain processes to uncover previously unknown weaknesses or risk points and address them during the new technology implementation. Until you are aware of the areas of exposure in your organization, it is impossible to do anything about them. Through implementation due diligence and partnering with a security-conscious organization, you will identify and patch the unprotected vulnerabilities within your supply chain and shore them up with your new cybersecurity armor.
Completing these steps will change the way that hackers approach your organization. Your security will be evident. If hackers do target your organization, their task will be harder fought with less chance of reward, minimizing your organization’s financial pain and supply chain disruption.
To learn more about how o9 can help create a more secure, resilient supply chain in the face of cyber attacks, request a demo today.