Supply chain’s Blue Screen of Death
Hello, and welcome to this week’s edition of Straight Talk. Inside, we discuss:
To subscribe to all of Supply Chain Management Review's newsletters, go to our website here.
Cyberattacks and the Blue Screen of Death
If you didn’t hear, users of Microsoft systems had a meltdown last week. A global outage of Windows systems brought on by a simple update to CrowdStrike software shut down systems across the world. It left businesses unable to work, airlines unable to fly, and people unable to access their money at banking institutions.
The effects were extensive and worldwide. All because a CrowdStrike update to its Falcon Sensor endpoint protection conflicted with Microsoft’s software. The problem was quickly identified, but the impacts lasted for days.
The supply chain was also impacted. And while this instance was not malicious, it did expose the security gaps that exist and showed how easy (relatively speaking) it would be for a foreign actor to shut down the global supply chain.
All it takes is one piece of malicious code inserted into a computer update. How many computer updates does your company run on a monthly or even daily basis? Any one of those could trigger the infamous Blue Screen of Death that Microsoft users woke up to on the morning of July 19.
“The recent cyberstrike causing a Microsoft outage highlighted a critical vulnerability in global supply chains,” said Ashray Lavsi, Principal, MENA at global supply chain and procurement consultancy Efficio. “This disruption affected communication, halted production, and delayed deliveries, emphasizing our dependence on digital tools.”
Is there a way to prevent this from happening?
The easy answer to this question is no. No level of security is foolproof. No level of scrutiny can prevent a cyberattack. And any single cyberattack, in our globally connected, data-rich supply chain, can bring the entire chain to a stop.
A Cybersecurity Ventures report said the cost of cybercrime in 2023 was $8 trillion with projections it will surpass $10 trillion in 2025. The average business loss was $1.3 million per attack. Security software firm Astra estimates businesses suffer a ransomware attack every 14 seconds with more than 560,000 new pieces of malware identified each day.
And those are just the ones that are known—many businesses don’t report such statistics.
What can be done?
While it is almost impossible to prevent the CrowdStrike-Microsoft outage, there are steps companies can take to minimize the risk of a malicious actor successfully attacking their systems. We have run a series of articles in the past that address steps companies can take (you can find some of them under the search term “cybersecurity” on our website).
Tim Freestone, chief marketing officer for Kiteworks, wrote an article for SCMR on a 2023 Kiteworks survey. In it he noted that 90% of companies in the Fortune 2000 are sharing sensitive content with over 1,000 external entities on a regular basis.
“Each new digital channel or API introduced into an organization’s technology ecosystem exponentially increases the risks, making it profoundly difficult to maintain consistent governance, security, compliance, and risk management across the board. The quickly evolving threat landscape compounds these challenges even further with cybercriminal groups continuously innovating more advanced, stealthy, and automated attacks specifically targeting vulnerabilities introduced by digital supply chain complexity,” he wrote.
A separate article from Brian Schultz, senior director analyst with Gartner Supply Chain Practice, spoke to what steps chief supply chain officers can take to minimize their risks.
“CSCOs are not expected to be substitutes for chief information security officers,” he said. “What they will increasingly be expected to do is have a grasp of how supply chain cyberattacks are evolving, including, for example, more sophisticated attacks that can impact products undetected until they reach the customer. They also need to play a leading role in third-party risk management, as attacks on key suppliers can cause significant business continuity disruptions.”
Schultz went on to recommend three actions CSCOs can take, including:
Lavsi offered additional tips. “Diversifying suppliers, establishing alternative communication channels, and maintaining manual backup processes are crucial steps,” Lavsi said. “Additionally, strengthening supplier relationships and increasing inventory buffers can help cushion the impact of future disruptions.”
These are just a couple of ideas to prevent cybercrime, and not much can be done to prepare for a simple mistake such as the CrowdStrike software update, but chief supply chain officers and other supply chain professionals should be taking cybersecurity seriously. Next time, it may not be just the Blue Screen of Death everyone in your supply chain is dealing with.
(If you want to learn more about data security, listen to the Talking Supply Chain podcast episode, The High Stakes of Data Security)
Leadership development
Where do supply chain leaders come from? It’s a fairly obvious question to most, yet as an industry, we continue to develop leaders that are not ready for primetime. Why? Dan Pellathy, assistant professor of practice, director of operations at the Advanced Supply Chain Collaborative at the University of Tennessee’s Haslam College of Business, tackled that question and more in a recent blog series published on SCMR.com. Pellathy’s approach was to summarize research conducted and published on the University of Tennessee’s Global Supply Chain Institute blog. And while there is no one answer to the question, Pellathy attempted to summarize the problem with developing leaders, and offered areas where organizations can take action to ensure the next generation of leaders is prepared to lead and innovate. You can access the entire four-part article series here. There is also a whitepaper that can be downloaded here.
Happier times
New research from S&P Global Market Intelligence found that companies are more positive about their supply chains than at any time in at least 10 years, with 63.6% of U.S. firms discussing the topic positively. That is up from just 49.1% in the first quarter and the highest reading since the first quarter of 2010. What’s happening? The reasons are likely myriad, notes Jeff Berman of Logistics Management. Lower inventory, cost-control and normalized supplier delivery times are among the reasons cited. Berman writes, “S&P Global Market Intelligence Research Director Chris Rogers told Newsroom Notes that, generically, it feels like all of the available evidence shows that the supply chain is in a good place, with trade growing and companies having positive supply chain outlooks, but that comes with the caveat that it is not the complete story.” Read more of Berman’s analysis of the report here.
What I read this week
Rosemary Coates, executive director of the Reshoring Institute, joined other U.S. representatives on a trade mission to the Silk Road in China. … Students from MIT’s Center for Transportation & Logistics’ Master of Supply Chain Management program researched whether net-zero goals matter to companies, and the results were quite surprising. … Mega broker C.H. Robinson has launched an AI-powered load-matching platform that is designed to create customized load recommendations for carriers. … New research from real estate firm CBRE found that megawarehouse leasing (those of at least 1 million square feet) jumped 35% in the first six months of 2024 driven in part by lower lease rates. … For the 10th consecutive month, U.S.-bound container freight increased, posting a 9.3% TEU gain in June and up 12% annually for the first half of the year. … The latest TD Cowen/AFS Index points to a continued market that is favorable to shippers.
Thank you for reading,
Brian