Securing The Supply Chain

No photo availableCIO Africa authorBySid Chudasama
6 min read
In today’s digital world, no company in any industry can ignore or avoid the risks of cyberattacks. Cybersecurity is a must. Just ask Lewis Miriti and Moses Maundu from Fortinet.
web-img-14

Recently, my Editor-in-Chief penned an article asking whether we ought to spell it as cyber-security, cybersecurity or cyber security. Through her thorough research, she not only discovered that how you say the term depends on your English school teacher, but that the most Googled way is the least preferred way which is cyber-security.

Why should you care how it is written? Simply because, in the common world of connected devices, the connotations behind cybersecurity are too serious not to be understood. So serious, that, Euroscientist estimates that cybercrime will cost around £4.5 trillion a year in 2021, more than £2 trillion above the 2015 figure.

Manufacturing is by no means a new industry, but it is well on its way to transforming itself. The fourth industrial revolution (4IR), or Industry 4.0, is taking off as factories begin to take advantage of data analytics and related technologies. It is an exciting time for the sector. But this technological transformation brings new concerns as well. As with any considerable strides forward, there is always a loophole in the background. This loophole, in particular, is a well-known one. As the industry becomes more data-driven, manufacturers have a new threat to consider: cyberattacks.

When you think about hackers, you probably do not imagine factories as their target. But, cybercrime is a serious issue for any sector. “In manufacturing, a lot of time the focus is on production instead of IT security. Remember we are talking about machines, and machines can be hacked. It is complex yes, but that is not withstanding the fact that IT players need to learn a lot around manufacturing needs in terms of cybersecurity,” explained Moses Maundu, Account Manager East Africa, Fortinet, a global leader in broad, integrated, and automated cybersecurity solutions.

Manufacturing companies can be particularly vulnerable to digital threats nowadays, even if it doesn’t seem that way initially. The manufacturing industry is colossal, global, and continuously evolving. It relies heavily on data to optimise its processes and improve efficiency. Meaning, a lot of data is at play, and where there is critical data, there are cyber-attackers. Through 4IR, manufacturing businesses are growing more data driven. It is becoming essential for these organisations to take the necessary measures for avoiding losses due to cyber-attacks. Through the guiding hand of companies like Fortinet, manufacturers can harness the power of digitisation without looking over their shoulder, worrying about cyber-attacks.

Analysts are led to believe that a key reason as to why there may be an increasing number of attacks on industries is because IT (Information Technology) security and OT (Operational Technology) security are out of sync. First, we need to know the difference. Lewis Miriti, Regional Manager East Africa at Fortinet, pointed out a key difference between the pair. “OT security is largely about people, health and safety, and the impact that would have on production. Whereas IT’s main concern is data loss.” This went on to show that in order for industries to gain operational efficiency and assure better customer service, they will need to converge IT and OT across their operations.

Evidently, you can tell that Lewis is a man of detail as he explained that looking through the security triad, one can understand there are a number of areas where people, processes, and technology overlap when it comes to the IT and OT ecosystems – areas where respective strategies need to be in sync. 

A prime example of a cyber-attack that completely destabilised an entire industry has to be the REvil Attack on JBS, the world’s largest meat processor. The attack shut down the company’s operations for a record number of days, halting their meat production and distribution processes. The cyber attackers got away with $11 million.

“REvil Is a hacker group that carries out Ransom-as-a-Service attacks. Malicious individuals procure services of ransomware to hack you. This particular attack threatened to publish sensitive data while affecting the entire supply chain,” explained Moses, before affirming that as long as there is critical data present, no matter the industry, threat actors will want it. It underscores the importance of cybersecurity. It is no longer that thing remaining in the background of conversations about digitisation. According to the ThreatPost, JBS’s decision to pay came after consultation with internal IT professionals and third-party cybersecurity experts, despite the fact that the meat processor nearly having the entire situation under control. Indeed, experts said the attack could have had a ripple effect with a downstream impact on the food supply globally, had it not been resolved quickly.

The REvil ransomware group, which also goes by the name Sodinokibi, is one of the more audacious of the bunch, infamous for its attacks against some of the world’s largest organisations with exorbitant ransom demands. The US Federal Bureau of Investigation (FBI) called the group who attacked JBS “one of the most specialised and sophisticated cybercriminal groups in the world.” At this point you might be wondering, how can cyber-attacks be foiled before they even crop up? The answer is surprisingly simple. Through defence strategies and procedures enacted by cybersecurity enterprises like Fortinet.

Lewis went on to explain why cyber-attackers seem to have more leverage to plan and perpetrate attacks. It is the double-edged sword of increasing connectivity leading to larger attack surfaces. “Industries need to invest in a broad set of tools that can be integrated to create visibility across the expanded attack surface. Those tools need to help you, or the organisation protect itself. Once protected, it should be able to detect and respond to attacks,” he said, continuing, “There is no silver bullet. In case you have been infiltrated, how then do you identify that you have been hit and how then do you recover to an original state?”

This goes to show cybersecurity measures are not only anti-virus software, but also other end-point security measures. Manufacturers should employ measures that cover the basics of cyber security for them such as cybersecurity awareness for employees. Oblivious employees are ticking time bombs. They can easily allow malicious actors to enter the organisation via phishing, vishing, smishing, or other attack vectors. It is important for manufacturers to ensure their employees are aware of the kind of cyber threats that can potentially damage their organisation’s business setup. It just so happens all organisations need cybersecurity governance programmes to be certain every employee understands and is aware of cybersecurity mitigation efforts to reduce cyber risks.

The takeaway from Lewis and Moses is urgency. That, and improving cybersecurity and data privacy across the board. It doesn’t really matter whether you are a switched-on digital company or a staid and traditional one. You need to make sure you’re safeguarding the data your business relies upon.

Leave a Reply

Your email address will not be published.

Do you have a story that you think would interest our readers? Write to us editorial@cioafrica.co