Supply chains can be highly vulnerable to hacking and malware attacks and, depending on the attacker’s motivation, are susceptible to actions aimed at stealing large amounts of money and disrupting business. Yeniyurt and Carnovale (2021) note that cybercriminals show no sign of slowing the growth of cyber threats and keep inventing new ways to steal information from individuals and organizations of all sizes. The most common cyber risks in supply chain management include data breaches, supply chain disruption, and malware attacks. Data breaches can occur through external and internal intruders. Employees, hackers, malicious competitors, and managers can leak sensitive data and personal information outside the business. Supply chain disruption occurs when a hacker or attacker breaks into an operating system or network without permission. The goal of such an intrusion is to create havoc on the system by deleting, replicating, and corrupting data. Malware attacks can occur with the help of ransomware that blocks the computer until the company pays a certain amount of money.
One cyberattack technique is sending a phishing email to obtain information. Ghadge et al. (2020) assert that clicking on a link in an email may result in data corruption and loss. If the phishing email is successful, the company may find its usernames and passwords being used externally to collect information on the system. This can lead to unforeseen competition and serious leaks that could harm the entire corporation.
The sophistication of attacks and the complexity of modern IT, using such technologies as virtualization, mobile, and cloud computing, are forcing companies to improve the protection of their information and apply defense-in-depth technologies. According to Gaudenzi and Siciliano (2018), to successfully address cyber risks, a serious cyber and IT risk management strategy is needed that considers various corporate functions. High IT security standards for networks, software, and mobile devices, staff awareness training, ongoing process optimization, and strict access rights management and guidelines help to combat the above cyber risks. In turn, cyber risk insurance is becoming a major factor in IT risk management for many companies to manage residual risks.
A cyber-attack on a company’s supply chain is not only a short-term problem; it also has medium- and long-term consequences. First, cyber-attacks lead to the loss of external information. Cybercriminals obtain information belonging to the platform’s users, which is supposed to be a secure environment. Second, cyber-attacks also lead to the loss of inside information. This is a serious problem for the company, as its corporate information security will be severely compromised. It may suffer from the theft of internal data or confidential information that is vital to the company’s daily operations.
Third, cyber-attacks lead to the deterioration of the company’s reputation. If users have their data stolen from an external platform, then they are unlikely to trust this platform in the future. Fourth, cyber-attacks lead to serious sanctions for the company. While there is no comprehensive national privacy law in the United States, there are several sector-specific data privacy and security laws at the federal level. Moreover, there are many other state and local privacy laws. Thus, the relevant authorities closely monitor companies that violate these requirements. One of the consequences of identity theft can be the recognition that the company has violated the law, as a result of which it may face multimillion-dollar fines.
References
Gaudenzi, B., & Siciliano, G. (2018). Managing IT and cyber risks in supply chains. In Y. Khojasteh (Ed.), Supply chain risk management (pp. 85-96). Springer.
Ghadge, A., Weiß, M., Caldwell, N. D., & Wilding, R. (2020). Managing cyber risk in supply chains: A review and research agenda. Supply Chain Management, 25(2), 223-240.
Yeniyurt, S., & Carnovale, S. (2021). Cyber security and supply chain management: Risks, challenges, and solutions. World Scientific Publishing Company.