The Cybersecurity Problem (and Opportunity) in Supply Chain Management

John Adams famously said, “Every problem is an opportunity in disguise.”

I recalled this quote when I read that Google is reportedly acquiring cloud security company Wiz for $23 billion. As reported by Reuters, this would be “Google’s most expensive acquisition and provide it with cybersecurity products that defend against ransomware gangs wreaking havoc on large enterprises.”

The size of this acquisition is proportional to the size of the cybersecurity problem, which is only getting bigger.

The headline of a recent CCJ article by Jason Cannon reads, “Transportation a top 10 target of cyberattackers, cases nearly triple last year.” Here is an excerpt from the article:

A recent study conducted by data collection experts SOAX, utilizing data from the Identity Theft Resource Center on the number of data violation cases from 2020 to 2023 by industry, revealed the United States experienced a total of 3,205 data breaches in 2023, a 78% increase from 2022.

The transportation industry saw 101 data violation cases last year. The number of cases is up more than 181% from the year before and the 101 incidents logged last year matches the total number of cases from 2020, 2021 and 2022 combined. In all the segments ranked by SOAX, no other industry saw a year-over-year increase larger than transportation, with only the financial services sector coming close (177%). 

Back in May 2024, NBC News reported that “China-linked group uses malware to try to spy on commercial shipping, new report says.” According to the article by Dan De Luce and Jean-Nicholas Fievet:

The cyber espionage group known as Mustang Panda introduced malware over the past five months to gain remote access to “computer systems belonging to cargo shipping companies based in Norway, Greece, and the Netherlands, including some that appeared to be aboard the cargo ships themselves,” according to the Slovakia-based cyber security firm ESET.

It was the first time evidence had emerged that a China-linked cyber espionage group was focusing on commercial shipping, researchers said.

“We haven’t seen this in the past,” said Robert Lipovsky, principal threat intelligence researcher at ESET. “It shows a clear interest in this sector. This was not a single occurrence. These were several distinct attacks at different, unrelated organizations,” he said.

I’ve written many posts about cyberattacks and cybersecurity as they relate to supply chain and logistics (see last month’s post, “When A Cyberattack Takes Down Your Supply Chain Software,” which includes links to other related posts I’ve written over the past few years).

The bottom line is that supply chain executives cannot afford to remain complacent about cybersecurity risks. 

I’ll repeat four recommendations I gave back in 2017 in “The WannaCry Cyberattack: Another Warning For Supply Chain Executives”:

  • Make sure your IT systems are still supported by the vendors and continuously updated with the latest security patches. 
  • Make sure your cloud and software-as-a-service providers take cybersecurity seriously too, which means they’re investing the time, money, and resources to develop and deploy security processes and systems and they’re obtaining and maintaining relevant certifications.
  • Don’t just focus on prevention; focus on minimizing the scope and scale of a disruption too.
  • Embed supply chain risk management within your corporate DNA.

Read the post for more details on each of the recommendations above.

Why is Google spending $23 billion on a cybersecurity startup? Because cyberattacks are a big and growing problem, which provides companies like Google with a big and growing opportunity to make money on preventing them.

This is also an opportunity for software vendors and third-party logistics providers to differentiate themselves in the market by highlighting their cybersecurity capabilities, processes, investments, and expertise.

It’s also an opportunity for manufacturers, retailers, and distributors. If you can prevent a cyberattack better than your competitors, and if, when you do suffer one (because it will ultimately happen), you can minimize its scope and recover faster, then you will have an opportunity to outperform your competitors and increase your market share.

I’ll end with the following comment provided by a supply chain executive in our Indago supply chain research community in response to a survey we conducted recently on this topic:

“We’ve been fortunate to not have experienced downtime related to a hack of a software vendor, but it really is only a matter of time until this occurs. It’s important to have mitigation strategies — including pen/paper and phone calls — to keep the business running, but it would be a massive step backwards from the way we run our day-to-day operations. I shudder at the thought of a [system going down for days] but that would likely be the case when this type of incident occurs.”

While the cybersecurity opportunity might be in disguise for some, the problem is certainly in plain view, a clear and present danger to all.
