How to Build Resilient Supply Chains Against Cybercrime Threats
Paul van Nunen - How to Build Resilient Supply Chains Against Cybercrime Threats

How to Build Resilient Supply Chains Against Cybercrime Threats

Collaboration between Tech2B and CWB to make supply chains less vulnerable to cybercrime

Digitisation makes the manufacturing industry an increasingly attractive target for cyber criminals. The Cyber Resilience Center Brainport (CWB) translates the expertise that large companies build up in this area to small and medium-sized manufacturing companies. And it brings companies together so they can learn from each other. However, as Paul van Nunen , director of Brainport Development , notes, humans remain the weakest link when it comes to cybersecurity. That is why cybersecurity should be a Chefsache. However, the reality is different. Can a platform like Tech2B play a role in this?

The digitisation of entire supply chains means that cybersecurity should be high on the agenda of every manufacturing company. It doesn't matter if all machines in the workshop are connected to the internet or not. Cyber criminals can enter through office automation and completely paralyse a company. "A digital hostage-taking will shut down your operational side of the company; they freeze data and demand ransom," says Paul van Nunen. And if it's not directly about money, they'll watch what's happening in your company: orders, processes, parts you produce. "Because in addition to monetary gain, the second reason hackers penetrate is that they are looking for information about technology and business processes." Pure espionage. And a third reason is more related to geopolitical developments. Some countries are looking for ways to shut down important sectors in Europe in order to disrupt society and the economy.

One incident can shut down the entire chain

There are plenty of reasons why cybercriminals are targeting the IT systems of production companies. As the partners in the long supply chains of the manufacturing industry become increasingly intertwined digitally, the risk increases that such a chain will be hit. The high-tech manufacturing industry in the Netherlands is particularly interesting because shutting down companies in this sector causes more damage than if the baker on the corner can no longer bake because his IT system has been hijacked. This is especially true now that the semiconductor supply industry is seen as an important sector for the Dutch economy. Paul van Nunen says, "Every company is a link in that chain. Digital intrusion into one of these links can shut down the entire chain." This doesn't even have to happen by penetrating the IT systems of an OEM through the backdoor of a smaller supplier. "There is a lot of compartmentalisation between the links. But if a small company that makes important parts for a high-tech machine cannot produce, the OEM cannot complete the machine. We saw this during COVID-19 and last year after the invasion of Ukraine. If one important part is missing, the whole system doesn't work."

More companies are falling victim to cyberattacks

That's why the Brainport region has put the issue high on the agenda. Not without reason, if you look at recent figures. The Cyber Resilience Survey SME Brabant 2022 showed last year that 51.5% of participants - Brabant's SMEs - have had to deal with a cybersecurity incident. Paul van Nunen thinks this figure is actually higher because companies often find it difficult to admit that cybercriminals have penetrated their systems. "They want to be a reliable partner." This reticence is unjustified, according to the director of Brainport Development. The steps the company takes in the first hours are crucial. "That's where we support companies so they can quickly access experts who can help them." He estimates that in the manufacturing industry, at least two out of five companies have already experienced cybercrime. "Manufacturing companies are above average interesting." That's why a second figure from the aforementioned survey is actually more alarming: cybersecurity is only on the agenda at barely half of the companies. Cybersecurity is something abstract for many companies; they think they have solved the problem by outsourcing their IT management. "However, cybersecurity begins with awareness. All employees must be aware of the risk. Be alert that passwords are regularly renewed. Close your laptop when you leave your workspace. Don't just open attachments. The biggest vulnerability is the human factor," says Paul van Nunen. That's why the Cyber Resilience Center Brainport has developed knowledge cards that give employees in the manufacturing industry very practical tips on how to reduce risks.

Knowledge cards (Dutch Only)

Download CWB's A4-sized Prevention, Emergency, and Knowledge Cards, including topics such as Phishing, Ransomware, and IT Suppliers, with recommended actions to improve cyber resilience;

Selection argument for buyers

The word has been mentioned: reliability. Manufacturing companies, wherever they are in the supply chain, want to be seen as a reliable partner to their customers. As a manufacturing company, you will have to demonstrate this in a few years' time. There is legislation coming that will enforce this. The CWB, together with partners, has developed a certification scheme. This is derived from ISO 27001 and intended for companies for whom ISO certification is not necessary. The CWB has defined three maturity levels: basic, intermediate and advanced. A manufacturing company that goes through these three levels receives a certificate that they can use to demonstrate to others that they work safely. Creating awareness is part of the steps that need to be taken to qualify for certification. Tech2B, the platform that connects companies in the high-tech chains, will also support both buyers and smaller manufacturing companies on the road to this future. In their profile, manufacturing companies can indicate which Cyra security ranking they have and whether they are already certified. "If buyers want to invite companies for an RFQ (Request for Quote), they can tick security as a condition in the future. Cybersecurity becomes part of the business model. Certification can then become decisive in getting an order," says Sjors Hooijen , CEO of Tech2B. In addition, the platform will offer the knowledge cards developed by the Cyber Resilience Centre to help companies take their first steps in cybersecurity on the knowledge-sharing section of the Tech2B platform. "By working together, we make more companies aware of the dangers." The team that works daily in the background on the development of the platform continuously pays attention to its security. The platform has an external party perform a security check every quarter and applies the latest IT standards.

Paul van Nunen believes that every manufacturing company should put this topic high on the agenda. Directors and owners must actively get involved. "The director must want it. It is Chefsache. Because cybersecurity directly affects your primary process. The idea that you take action and then everything is taken care of is an illusion. This is partly because cybercriminals develop new methods and techniques at lightning speed and partly because the human factor remains the weakest link. You have to keep paying attention to that."

Paul Grefen

Boundary spanner in digital business - bridging the worlds of academia and industry, theory and practice, business and technology.

1 年

Important topic in current times. Good move to take security certification as a partner characteristic in the Tech2B platform.

Looking forward to our collaboration! Very valuable that we are raising cybersecurity awareness among SMEs together!

Berry Nouwens

PartSupply | Waar de passie voor metaalbewerking begon | Auteur "Geld verdienen met je toeleverancier"

1 年

Sjors, de blog waarin je spreekt met Paul van Nunen geeft een mooi overzicht van de activiteiten die je kunt doen om het bedrijf te beschermen tegen ongewenst aanvallen. Zo is het naar mijn mening niet altijd buitenlandse mogendheden die de aanvallen inzetten, maar ook enorm veel doehetzelvers die na het boek zoals Hacking een poging doen om een systeem binnen te komen en deze specifieke kennis met vrienden delen hoe men zijn entree kan maken binnen een systeem van een bedrijf. Daardoor dat deze aanvallen frequenter dan men in algemeenheid verwacht. Goed werk en tevens erg belangrijk deze kennis te delen. Dank je Sjors. Nuttige informatie.

要查看或添加评论,请登录

社区洞察

其他会员也浏览了