Disrupting the Supply Chain's Digital Transformation

Ransomware May Disrupt the Digital Transformation of the Supply Chain

WHY THIS MATTERS

Even the best-laid cybersecurity plans by a producer, distributor, or retailer, may not withstand a cyberattack.

The digital transformation of supply chains does not mean that companies have robust cybersecurity measures in place.

Hackers and fraudsters are keenly aware of the challenges and new vulnerabilities that exist in digital transformation.

The lion’s share of cyberattacks on the supply chain in 2019 involved ransomware.

In June 2020, Lion, an Australian beverages company, suffered a ransomware attack which forced it to shut down its IT systems and some manufacturing sites (still under investigation), disrupting suppliers and customers.

The Supply Chain

In the supply chain, Producers (e.g., factories), Distributors (e.g., warehouses), Retailers (e.g., brick and mortar or online stores), and Customers (with demand levels at the stores), rely on one another to deliver on their promises and obligations. 

During the COVID-19 Pandemic, shutdowns, and rapid changes in customers' needs have presented challenges to supply chain members. The ever-evolving customer needs have caused swings upwards and downwards, depending on the type of products.

Hackers and fraudsters are keenly aware of the challenges and new vulnerabilities that exist in digital transformation.

Digital Transformation

Supply Chain Dive reported that Mary Long, Director of the Supply Chain Forum at the University of Tennessee Knoxville, noted: "COVID-19 is vastly accelerating digital transformation. Manufacturers and supply chain leaders are reconsidering digital initiatives that previously sat on the back burner. We just took a huge leap forward."

Cyber Incidents During COVID-19

TechRepublic reported cyber incidents across global supply chains compound difficulties in trying to stop the spread of COVID-19 as more enterprises adopt digitized management systems. 

new report from supply chain company Resilience360 details supply chain cyber threats in 2020 and the bevy of incidents that occurred throughout 2019. The study found that there were nearly 300 cybersecurity incidents impacting supply chain entities in 2019, with the most common attack coming in the form of company-crippling ransomware.

Digital transformation of supply chains does not mean that companies have robust cybersecurity measures in place." We've seen manufacturers fall victim to ransomware attacks multiple times last year, meaning that networks were infiltrated by hackers who blocked system access and encrypted data until a ransom was paid to end the disruption," said Shehrina Kamal, product director for Resilience360's Risk Monitoring function.

The study found that in 2019, major companies in the automotive, technology, pharmaceutical, and chemical industries were all impacted by ransomware, data breaches, and the activities of advanced persistent threat groups. Many of the attacks were designed to specifically take down technical infrastructure, such as industrial control systems, in addition to their more traditional targets in corporate IT networks. 

Also, the report lists two major ransomware attacks that had dramatic effects on production supply chains in 2019. 

The March 19, 2019 cyberattack on aluminum producer Norsk Hydro involved LockerGoga, a form of ransomware that encrypted the files on desktops, laptops, and servers throughout the company, affecting 35,000 employees at 170 plants across 40 countries.  The hackers posted a note on corrupted computer screens demanding an unspecified ransom payment in bitcoin to decrypt the software -- with the price depending on how fast they contacted the hackers.

This extensive cyberattack had been set in motion three months earlier when one employee unknowingly opened an infected phishing email from a trusted customer. From there, hackers invaded the IT infrastructure and covertly released their malware, forcing Norsk Hydro to shut down the network and servers to avoid any further spreading of the malware.

Norsk Hydro refused to pay ransom, implemented a high-level incident response plan by setting up a temporary website and informing the press and staff with daily updates (in a very transparent manner) and carried on manual (non-IT driven) operations.

The most recent loss estimate is nearly $75 million. Norsk Hydro is reported to have cyber insurance to cover some of those costs.

The concern for producers, distributors, retailers, and the entire supply chain, is that LockerGoga goes a step further than mere encryption of data – it disables the computer’s network adapter to disconnect it from the network, changes the user and administrative passwords on the computer, and then logs the machine off.

"Analysts believe the attack marks a worrying trend, due to its international scope and direct impact on production and logistics assets," the Resilience360 report added.

On June 7, 2019, there was another ransomware attack on Belgian aerospace supplier ASCO Industries that forced the company to shut down production lines at four different factories across North America and Europe. 

The attack was so damaging that the company furloughed nearly 1,000 employees temporarily and was out of operation for more than a month.

"Greater connectivity and digitalization are making manufacturing and supply chain operations more vulnerable to cyber threats…" according to the Resilience360 report.

Lion Suffers Ransomware Attack

In June 2020, Australian beverages company Lion confirmed it had suffered a ransomware attack, which forced it to shut down its IT systems and some manufacturing sites (still under investigation), disrupting suppliers and customers.

Lion has over 7,000 employees across Australia and New Zealand. Lion's focus is on the production, marketing, sales, and distribution of beer, wine, spirits, cider, soy, juice, and dairy beverages. Lion's diverse portfolio, produced across 46 sites, collectively generates annual revenues of around $4 billion.

Lion has been partnering with LLamasoft, the leading provider of AI-powered supply chain analytics software, to support supply chain design, digital capabilities, and analytics. Since many food and beverage products are perishable, Lion must consider freshness and shelf life in its complex supply chain management system.  

Even the best-laid plans may not withstand a cyberattack.

Funds Transfer Fraud

Funds Transfer Fraud is a type of cyberattack that manages to re-direct seemingly legitimate company payments to cybercriminals. This type of fraud is accomplished through social engineering techniques that prey on our inherent sense of trust, typically originating from email spoofing or spear phishing.

Funds Transfer Fraud (FTF) is a significant business for cybercriminals, and without the right protocols in place, companies are vulnerable to sending massive payments with devastating financial consequences.

According to the FBI's 2019 Internet Crime Report, BEC scams were, by a considerable margin, the most damaging and effective type of cybercrime in 2019. BEC losses averaged $75,000 per complaint, phishing, smishing and vishing accounted for $500 per complaint, and ransomware averaged $4,400 per complaint.

Notably, a cyber insurance policy may refer to Social Engineering, FTF, Invoice Manipulation, Electronic Crime, Computer Fraud, or Financial Fraud. Your cyber insurance broker should conduct a thorough review of cyber insurance policy wording to ensure clarity about this coverage.

Invoice Manipulation (Client/Vendor/Customer Sends Funds)

Invoice Manipulation is a more complex and daunting form of FTF. An attacker gains access to a company email account, typically through phishing, and sends an authentic email to an outside party requesting payment for a fraudulent invoice. Having reviewed correspondence in the hacked email account, attackers will often mimic the sender's behavior to make the request look authentic. When the company follows up for the original invoice payment later, the fraud is discovered, and the funds are long gone.

According to the FBI, BEC scams like invoice manipulation accounted for more than $26 million in corporate losses in the last three years.

Most Stand-Alone Cyber Insurance policies have quickly responded to this threat and now provide coverage for invoice manipulation. However, outdated coverage forms and packaged policies might only respond to funds transferred by employees, potentially leaving businesses uninsured.

Loss Prevention from Cybersecurity & Cyber Insurance

Due to the rapid increase in cyber threats this year, including ransomware attacks, FTF, and invoice manipulation, now is the time for a robust cyber risk management plan.

Action Steps:

  1. Update All Systems

As threats become more frequent and severe, system updates are vital. Legacy systems that lack the latest security protocols are more vulnerable and need patching if it still available.

  1. Create a Cybersecurity Policy 

Develop a cybersecurity policy to ensure that your employees are aware of cyber threats. Prevent a single employee from becoming the gateway into your systems via a phishing email scam.

  1. Manage Strong and Unique Passwords

To protect the warehouse management system, passwords will need to be complex (a random combination of letters, numbers, and special characters), updated regularly on a schedule, and stored offline not on computers.

  1. Dual Control (aka Two-Factor Authentication) (2FA) 

A security procedure requiring two people to authenticate a bank wire or funds transfer. Implementing dual control helps prevent fraudulent bank wires that may arise out of phishing or social engineering attempts. Dual control can be accomplished by a phone call to the bank wire recipient, verifying the transaction with an executive, or implementing formalized procedures with a financial institution.

  1. Backup Databases

As a precaution, you should regularly back up essential data, such as customer contacts and order information, in multiple locations. If you can access your data from alternative hard drives or the cloud, you will be in a better place post-ransomware attack. Lengthy data recovery means longer business interruption, financial impact to your bottom line, and damage to your reputation.

  1. Use Antivirus Software, Firewalls, and Ransomware Protection

Choose the best anti-virus software, ransomware protection software, and firewalls to prevent the unauthorized access to your networks and computer systems.

  1. Prepare and Rehearse: Incident Response Plan (IRP), Business Continuity Plan (BCP), and Disaster Recovery Plan (DRP)

Please refer to our prior article discussing the BCP, DRP and IRP.

As a precursor to the BCP and the DRP, you need an Incident Response Plan (IRP).

The response that you plan for (and pre-test for) during significant disruptions or disasters (e.g., looking at weather events or property damage) is the same planning that you must carry out for cyberattacks.

An incident response may include the evacuation of a warehouse facility, initiating a BCP or DRP, performing risk and damage assessments, and any other measures necessary to stabilize your status.

The IRP should include:

  • Incident response team: Designate a team to respond before a cyberattack occurs, not on the day of the attack.
  • Incident management principles: The investigation will have a certain level of confidentiality. Affected stakeholders must be notified and the situation reported to management. This section of the plan should outline communication guidelines.
  • Cybersecurity incident phases: First, a distributor must identify the type of incident, if possible. The attack and investigation must be logged, and the warehouse team should determine the origin of the incident so it can be isolated.  Next, the incident should be reported to your cyber insurance carrier – they will proceed with the IRP provided under your cyber insurance policy. If you do not have cyber insurance, then you must proceed on your own with your IRP. 
  1. Conduct Annual System Audits

Ensure your warehouse management systems remain current, from your cybersecurity policies, to essential data backups, to password management, to dual controls, and your IRP, BCP, and DRP.

Your business stands a better chance of recovery with a robust stand-alone cyber insurance policy that provides coverage to protect your business against cyber-related losses.

For example:

  • Ransom payments – when hackers lock your network or computer system demanding payment of ransom for the key to unlocking your system.
  • Business interruption (BI) - loss of business income during the cyber event (after a brief waiting period), including the policyholder’s net profit before taxes, and extra expenses incurred during a shutdown of your computer network.
  • Extortion-related expenses – when you incur losses because of the extortion threat, such as making the ransom payment and the cost of hiring a security expert to advise you on how to respond to a threat.
  • Repair costs – when you sustain losses due to damage, disruption, theft, or misuse of your data, such as the cost to restore, replace or reconstruct programs, software, or data.
  • Incident response team – when you face costs associate with the support of an incident response team accustomed to addressing cyber incidents.
  • Employee training tools – to help prevent attacks and protect your network and data.

Your company’s residual cyber risk includes your employees who may be tricked by a phishing email, jeopardizing your cyber risk management plan.

TAKEAWAYS

  • Phishing emails succeed when hackers and fraudsters trick employees.
  • Human error jeopardizes your cyber risk management strategy.
  • Employee training is a valuable solution. Some cyber insurance carriers offer support to insureds to raise cyber risk awareness of all members of the organization.
  • Distributors and all supply chain members benefit from conducting test runs of new equipment, tracking software, logistics management tools, and safety measures. Why not do the same for cybersecurity measures? Even better, why not do so with the support of your cyber insurance carrier?
  • A failure to prevent human error, ransomware attacks, funds transfer fraud, or invoice manipulation may result in a devastating financial loss.
  • Your business stands a better chance of surviving and thriving after a cyberattack with a robust stand-alone cyber insurance policy suited to your risk transfer requirements.

Reach out to a specialist cyber broker, such as Cyber Armada Insurance, to request and robust cyber solutions appropriate for your needs and cyber risk tolerance. We understand the evolving demands and expectations of cyber insurance clients.

Contact Cyber Armada today to examine how your company faces potential financial losses from business interruption caused by IoT or supply chain failure cause by a cyberattack.  Contact us at 888.727.6232.

NEXT ARTICLE

Please watch for our article on the Internet of Things (IoT).
This article is made available for informational purposes and is not intended to be a substitute for professional or legal advice. No attorney client relationship is formed or implied between you and the authors(s) or Cyber Armada Insurance.

Topics: Cyber Threat Cyber Security Ransomware Supply Chain

Articles & Insights Home
Cyber Armada Team
Posted by Cyber Armada Team on Jun 17, 2020
Facebook Linkedin Twitter
Application

Apply for Cyber Insurance Online

Answer a few questions online and Cyber Armada will design a cyber insurance policy tailored to your particular needs.

Apply Online
Apply for Cyber Insurance
Schedule an appointment with Cyber Armada
Appointment

Can we talk?

We're ready to talk when you are. You can schedule an appointment to speak with a representative from Cyber Armada when it is most convenient for you. Whenever possible we use online meetings to increase productivity and increase the amount of time we can spend with you. We use Zoom Meetings as our preferred video conferencing platform.

Schedule Appointment