Cyber attacks are the fastest growing crime in the U.S. and an increasingly top priority for both the private and public sectors. And it’s no surprise why. The average cost of a data breach is $3.86 million and it takes an average of 280 days to identify and contain a breach-leaving many companies (and their customers) vulnerable.   

Rise of cyberattacks results in new urgency to address cybersecurity in the private sector

Recent high-profile cyber attacks and security breaches have brought cybersecurity top-of-mind for businesses and government alike. 

In early June, the world’s largest meat processor, JBS USA, experienced a shocking ransomware attack from Russia that temporarily shut down operations and cost JBS $11 million ransom. The attack halted production at plants that process nearly a quarter of the beef and a fifth of the pork produced in the U.S., driving up wholesale prices and disrupting livestock deliveries from farms. 

But the damage extends beyond the U.S. operations. JBS also operates in Canada and Australia. The Australian arm of the company uses the same computer system as the U.S. company, impacting production in both countries. As JBS gets back on its feet, the shockwaves of the attack continue to ripple through the supply chain, from farms and grocery stores to restaurants-leading to a scramble for new meat suppliers, potential meat shortages, and higher prices for consumers.  

Unfortunately, JBS wasn’t the only victim of cyber attacks in recent months. That same week the Massachusetts Steamship Authority reported a ransomware attack that disrupted ferry services and shut down their main booking system. And New York’s Metropolitan Transportation Authority recently revealed their subway system had been attacked in April. Similarly, the Colonial Pipeline was also temporarily shut down in April when its IT infrastructure was held hostage for $4.4 million.

White House urges private companies to take cyberattacks seriously 

In response to this recent onslaught of cyber attacks, the White House shared a memo on June 3 with corporate executives and business leaders in the private sector urging them to recognize the threat of cyber hacks and data breaches. 

“The number and size of ransomware incidents have increased significantly,” said Deputy National Security Advisor for Cyber and Emerging Technology Anne Neuberger. 

“The private sector also has a critical responsibility to protect against these threats,” she added. “[And] all organizations must recognize that no company is safe from being targeted by ransomware, regardless of size or location.”

The memo also recommended steps for mitigating risk and improve cybersecurity including:

 

  • Implementing multi-factor authentication
  • Bolstering security teams
  • Regularly testing backups and updating patches
  • Testing incident response plans
  • Separating and limiting internet access to operational networks

“The U.S. Government is working with countries around the world to hold ransomware actors and the countries who harbor them accountable, but we cannot fight the threat posed by ransomware alone. The private sector has a distinct and key responsibility. The federal government stands ready to help you implement these best practices,” Neuberger added.

How does supply chain pose a risk?

It’s clear that cybersecurity is important. But how does supply chain pose a risk?  

Essentially, the larger your supplier network, the more opportunities for hackers to target. An increasing global supplier network adds more back doors and side doors for attackers to access. And because your suppliers may have your sensitive information for parts specifications, contact information, and other intellectual property, if they don’t have a robust cybersecurity infrastructure and culture, you are at just as much of a risk as they are. 

Additionally, if your suppliers have systems or technology that’s tied into your own network, their vulnerabilities become your vulnerabilities. This was the case with Solar Winds. 

Solar Winds had many customers who used their system “Orion.” Like most technology providers, Solar Winds regularly sends updates, bug fixes, and patches to those using the software. So when hackers broke into Solarwind’s systems and added malicious code, it was then pushed to Solar Winds’ customers, and the newly created backdoor in their customers’ technology infrastructure was exploited to add even more malware that enabled hackers to continually spy on other organizations and individuals. 

Cyber risk mitigation strategies

Globally cybercrime damages are expected to reach $6 trillion by 2021. With so much at stake, it’s crucial for businesses to have a risk mitigation strategy in place to identify potential threats, secure against attacks, and build resiliency throughout the supply chain.