According to a report from IBM, for the second year in a row, manufacturing companies are the most common targets of ransomware attacks, accounting for roughly a quarter of all such incidents. This directly affects Procurement teams who are responsible for ensuring that the company has a constant supply of critical materials needed for business operations.
Procurement teams in the manufacturing sector face two risks: they are frequently targeted by phishing attacks due to their frequent external email communications, and they also face the possibility of suppliers being breached, which could jeopardise sensitive data and even business operations.
Although it is impossible to completely eliminate the risk of a cyber attack, businesses can proactively monitor and control risks across their supply chain through governance controls. This includes gaining visibility into risk levels across all individual suppliers, implementing risk management plans when necessary, and monitoring key suppliers for cybersecurity incidents in real-time.
Recent examples of ransomware affecting manufacturing businesses
In February of this year, a major semiconductor manufacturer experienced a significant cybersecurity breach resulting in data encryption and potential access to sensitive employee records. As of March, the company had not fully recovered, resulting in a shortage of semiconductors for their clients and an estimated $200 million impact on sales.
Due to the interconnectivity of global supply chains, this incident will have a ripple effect on numerous manufacturing companies and their end clients. Due to such incidents, the FBI has issued a warning to organisations involved in critical infrastructure regarding renewed cybersecurity threats, and President Biden has elevated ransomware to the status of a "national security threat."
In the UK, the National Cyber Security Centre has issued new guidance recommending that all businesses map their supply chains to mitigate similar risks.
How Procurement can manage cyber risk in the supply chain
Improvements in cyber risk management technology have addressed common obstacles to managing these risks at a large scale, such as lack of budget, time, and expertise. Darkbeam is capable of assessing entire supply chains for cyber risk within seconds, providing multi-level reporting and individual reports for each supplier.
Moreover, Darkbeam enables Procurement teams to select critical suppliers - those with access to sensitive information or that could have a significant impact on the business if supplies were disrupted - for continuous monitoring on the dark web. If these suppliers were to suffer a ransomware attack, for example, Procurement would be alerted quickly, and an incident response process could be initiated to minimise the operational, reputational, and financial impact.
By embracing cyber risk management technology, Procurement teams can manage their risk exposure without devoting excessive time to manual processes. Through a managed service offering, they also gain access to specialist expertise that can support them through risk monitoring and incident response.
Click here to create a free Darkbeam account and start managing the cyber risk in your supply chain. For more information about how Darkbeam can support your business with comprehensive supplier cyber risk governance – including dark web monitoring – please contact us below.