Remember AOL’s “You’ve Got Mail” greeting from the 90s when you started your computer and connected to the internet? It was a happy greeting, one you looked forward to getting every morning, unlike the greeting many people and companies are getting today when they log on to their computers and systems: “You’ve Been Hacked!”
On February 20, 2022, we determined that our company was the subject of a targeted cyber-attack. Upon discovering the incident, we shut down most of our operating systems globally to manage the safety of our overall global systems environment. The situation is evolving, and we are working with global cybersecurity experts to manage the situation. While our systems are shut down we will have limited ability to conduct operations, including but not limited to arranging for shipments of freight or managing customs and distribution activities for our customers’ shipments.
It’s not quite “The Day A Cyber Attack Brings The World’s Supply Chains To A Halt,” as I wrote back in September 2016, but it is yet another reminder of how companies cannot afford to ignore this clear and present danger anymore.
High-Profile Cyber Attacks Impacting Supply Chain & Logistics Operations
Over the past few years, there have been plenty of high-profile cyber attacks affecting supply chain and logistics operations.
In May 2017, for example, the WannaCry cyberattack impacted FedEx, Renault, and many other companies. A few weeks later, another cyberattack — via a computer virus dubbed Petya that apparently infected a Ukrainian tax software product — disrupted supply chains around the globe, including operations at FedEx and Maersk (the latter ultimately lost $300 million as a result).
In September 2020, a ransomware attack disrupted the operations of France-based shipping company CMA CGM (at the time, the company said the attack could cost it $50 million), and in April 2021, Colonial Pipeline, one of the largest pipelines in the United States, was forced to shut down after being hit by ransomware too.
And now, of course, there’s Expeditors. “We are incurring expenses relating to the cyber-attack to investigate and remediate this matter and expect to continue to incur expenses of this nature in the future,” states the company in its press release. “Depending on the length of the shutdown of our operations, the impact of this cyber-attack could have a material adverse impact on our business, revenues, results of operations and reputation.”
Cyber Attack: #1 Supply Chain Risk
The good news is that many companies are now recognizing the growing risk of cyber attacks on their supply chains.
In the “Fourth Annual Supply Chain Innovation Survey” — conducted by Adelante SCM and the Council of Supply Chain Management Professionals (CSCMP), and presented by E2open (previously BluJay Solutions) — we asked supply chain and logistics professionals, “Which risks do you believe you need to plan for more effectively moving forward?” Number one on the list: Cyber attack.
So, what actions should companies take to minimize the risk and impact of a cyber attack? Here are three recommendations I first shared in “The WannaCry Cyberattack: Another Warning For Supply Chain Executives”:
- Make sure your IT systems are still supported by the vendors and continuously updated with the latest security patches.
- Make sure your cloud and software-as-a-service providers take cyber security seriously too, which means they’re investing the time, money, and resources to develop and deploy security processes and systems and they’re obtaining and maintaining relevant certifications.
- Don’t just focus on prevention, focus on minimizing the scope and scale of a disruption too. Your network will get breached. Unfortunately, most companies spend the vast majority of their time and resources trying to prevent an attack and not enough time and energy on developing processes and systems to minimize the impact of a breach when it eventually happens.
I’ll repeat what I wrote years ago on this topic: The sooner companies embed supply chain risk management within their corporate DNA, the sooner they’ll be able to adequately address this growing threat of cyber terrorism. Mitigating the threat will also require greater collaboration between the IT and supply chain functions, not only within companies, but across all stakeholders in global supply chains. As the examples above illustrate, criminals and terrorists are already on the offensive — and their actions will only intensify in the months and years ahead.
Editor’s Note: The “Fourth Annual Supply Chain Innovation Survey” was conducted to gain insight on how supply chains are driving innovation and planning for uncertainty. Supply chain risk management, resiliency, innovation, and sustainability are among the topics explored. You can read the full report at https://www.supplychainresearch.info/2021