UPMG2020: Cyber Breaches Remain a Contagion for Companies
During the coronavirus (COVID-19) pandemic, many activities that critically impact businesses and supply chains have been reduced. Cybercrime, however, is not one them.
Hackers and digital thieves have remained as active as ever, with Estee Lauder and Fifth Third Bank suffering among the highest-profile business data breaches this year. Even more disturbing, health-care providers have been targeted, and Rob Chubbuck, head of the academic program at the Washington, D.C.-based Mission Critical Institute for Cybersecurity, does not rule out cybercriminals attempting to gum up distribution of a COVID-19 vaccine.
That was among the concerns raised during “Is Your Supply Chain Safe From Hackers? How To Harden Your Supply Chain Using NIST/NICE Cybersecurity Risk Management Framework,” a session on Wednesday at UPMG2020, the annual conference of Institute for Supply Management®’s (ISM®) Utility Purchasing Management Group.
The projected cost for cyber breaches to businesses this year will be US$6.1 trillion, Chubbuck said, adding in a chat comment during the virtual event: “It is amazing to me at the number of attacks that we are seeing currently. We are seeing attacks within all sectors, including the medical and health areas. I think the reason for this is due to the relative ease in attacking (in an environment) where there is a lot of fear.”
The reputational costs to businesses can be just as severe, and vulnerabilities are only increased by complex supply chains. Chubbuck’s session included a chat with Jim Fleming, CPSM, CPSD, Program Manager, Learning Solutions at ISM, who noted that a heating and air conditioning contractor provided the opening for hackers in the 2013 breach of Target that exposed the payment and personal information of as many as 110 million customers.
The pandemic has provided even more dynamics, with employees working from home, with their own internet providers and using such technologies as Zoom and Microsoft Teams.
“These are technologies that many weren’t accustomed to using,” Chubbuck said. “We’ve seen some breaches and attacks with platforms like these, but these organizations have taken an effort to secure themselves. Zoom turned on dime to (provide extra security), so businesses could operate. It’s vital we continue to stay nimble and work with business partners — and even some of our competitors — to work together to bring a more resilient cyberspace.”
Several cybersecurity frameworks — systems of standards, guidelines and best practices to manage digital risks — are available to organizations, including NIST, NICE and ISO 27001. An organization needs to determine the best framework for its size and industry, Chubbuck said, but it’s important to have more than one. “Many of the frameworks work well together,” he said. “We like to see more layers of security. The more you have, the better, because you’re only as strong as your weakest layer.”
While frameworks and technologies are critical, Fleming said that some of the most effective cybersecurity comes though employees taking simple steps, like updating software patches. “It’s a behavioral issue,” he said. “I get it. I’m busy, and when I see the email to install the patch, I don’t have to want to make the update and restart the computer. But we must be diligent and provide our own individual accountability.
“Because at the end of the day, we’re all responsible for protecting the enterprise.”