Are You Prepared For Supply Chain Cyberattack?

In January 2022,? we asked members of our Indago supply chain research community — who are all supply chain and logistics executives from manufacturing, retail, and distribution companies — “What is the probability that a major cyberattack will disrupt global supply chains [in 2022]? How prepared is your supply chain for a cyberattack?”

More than two-thirds of our member respondents (69%) believed that the probability was “Very High” (30%) or “High” (39%) that a cyber attack would disrupt global supply chains.

“Since supply chains are long and complex, they make easy targets for cyberattacks,” said one Indago supply chain executive at the time. “Simply attacking one small node can reap large-scale chaos and provide hackers with the monetary rewards they are looking for. Since the playbook has already been established, it’s only a matter of time until there are more [cyberattacks].”

Well, there have certainly been more cyberattacks. Last week, for example, CDK Global, which provides software solutions to car dealerships, was the victim of a ransomware attack. Here are some excerpts from a Wall Street Journal article about the incident:

A cyberattack that has forced car dealerships around the U.S. to use pen and paper to sell cars is expected to continue for several days.?

CDK Global, the company behind the software, told dealerships in a message that it had two cyber incidents Wednesday [June 19] and that it took down its software out of caution to protect customer information. Nearly 15,000 dealers use CDK’s software to manage their sales, payroll and general office operations, according to the company’s website. The system has been down since the incidents, disrupting how dealerships sell and repair cars.

The hack on a major supplier to car dealerships highlights a common weak point in companies’ cybersecurity programs. Even if a company secures its own technology systems, they may still be vulnerable if one of their suppliers is attacked.?

Considering that many (if not most) supply chain and logistics software applications are now deployed via the cloud, what if any of these systems — such as your transportation management, warehouse management, or ERP — goes down for several days due to a cyberattack on the vendor or hosting provider? Do you have contingency plans, processes, and tools in place to keep your operations running in such a scenario? What actions are your software vendors taking to fortify their cloud services against cyberattacks?

Those are some of the questions we’re asking members of our Indago supply chain research community in this week’s survey. Indago members will receive the results next week.?

But it’s not too late to take the survey. If you’re a supply chain or logistics practitioner from a manufacturing, retail, or distribution company — and you’re interested in learning from your peers and taking this week’s survey — I encourage you to learn more about Indago and join our research community . It is confidential, there is no cost to join and the time commitment is minimal (2-4 minutes per week) — plus your participation will help support charitable causes like Breakthrough T1D (formerly JDRF), American Logistics Aid Network, American Cancer Society, Feeding America, and Make-A-Wish.

In the meantime, what do you think? When a cyberattack takes down your transportation management system (TMS), warehouse management system (WMS), or other supply chain software (it’s a question of when, not if), will you be ready to respond as effectively as possible or will everyone on your team look at each other and frantically ask, “What do we do now?”

How would you rate the quality of the data you receive from your external trading partners??

That was the question we explored in a recent survey, which is available for download . Here is a quote by one of our supply chain executive members:

“Data and the management of data have become impossibly complex, especially in large global organizations. No single group has full responsibility or even understanding of the data sources, job runs, etc. End business users are even more in the dark and have no way to understand or troubleshoot when inaccuracies are found. When the data is there and available, it's a wonderful thing and we can harness it to drive powerful insights, but when it's not, we're back in the dark ages.”