Cyber Risk in Supply Chain

Cyber Risk in Supply Chain

On the 14^{th of} May 2021, the Irish health service was the victim of a ransomware attack.  The attack forced the immediate shut down of all of the services’ IT systems.  The immediacy and scale of the disruption from such an event, has made cyber risk in supply chains an attractive target for cyber criminals.   This is combined with the urgent need to restore operations.

Over the last six weeks, systems have gradually been brought back online.  Despite the efforts of domestic and international experts, however, elements of services continue to remain reliant on operating with pen and paper. As well as the disruption to systems, there is an expectation that the private information of hundreds of thousands of patients has been compromised, and is at risk of being sold.

There have been well publicised attacks on logistics providers and on critical supply chains including, more recently, vaccine supply chains.

We are not about to declare ourselves as cyber security experts – there are many better qualified to take up that mantle. 
What is clear, however, is that the sophistication of these groups has moved to a level where it is not just an IT, but a whole of business responsibility to consider:

• how attractive is your business as a target for cyber criminals?
• what are the potential areas of vulnerability in your own network, and across your partner ecosystem?
• which defences might be required in order to mitigate these risks?
• what are your planned actions in the event of a successful cyber-attack?  These actions should look, not only on systems recovery, but on the protection of sensitive customer and business information.

We can be sure that those involved in this activity will continue to refine and evolve their practices.  Their focus will be to maximise their effectiveness and profit potential.    As a result, we can expect this threat to continue to grow in terms of likelihood of occurrence, and potential impact on the business.