UK businesses in particular have been hit hard by the double whammy of changing processes in the wake of Brexit and supply chain fluctuations as a by-product of the pandemic. The turbulent climate has led many to rely on digital solutions to overcome long-looming business challenges that now needed to benefit from accelerated digitalization.
Service providers have created applications to assess demand and supply requirements, and implemented automation to address rising costs and staffing shortages in this area. Brexit has led some companies to realign their core supply chain systems with the help of digital supplier partners.
Service providers have pivoted quickly to avoid physical supply chain headaches with digital solutions such as blockchain technology for tracking and tracing goods; customer service platforms to deliver better online customer experiences and direct-to-consumer strategies; offer alternative payment options, including, increasingly, cryptocurrencies; even large-scale adoption of cloud and data storage services, across industries.
And as sustainability and decarbonisation have become priority areas in Europe, many UK businesses are aiming for carbon neutrality and zero emissions by 2030, says leading UK researcher and consultant ISG Digital Strategy and Solutions. The use of greener technologies and data-driven insights to better understand barriers to sustainability will only skyrocket in the years to come – but as this takes hold, the looming cyber threats will become more apparent (and prevalent) than ever in the digital supply chain.
Facebook Chief Technology Officer Mike Schroepfer (bottom left) answers questions before the Digital, Culture, Media and Sport Committee in Parliament in London. (Photo by PRU/AFP)
According to Nathan Turajski, senior director at enterprise cloud data management specialist Informatica, the UK government is aware of these “vulnerabilities and security gaps” and has already enacted legislation such as the Bill. on product security and telecommunications infrastructure to counter cyber risks.
TechHQ: Why has awareness of the cyber threats facing UK businesses hit an all-time high in the last year?
Nathan Turajski: As the pandemic approached, companies were relying more on sensitive data to support their digital transformation, with personal data powering everything from customer experience programs to detailed analytics.
The shift to remote working has not only accelerated this trend, but also created serious data security issues. There has been a huge increase in the flow of data to “untrusted environments”, such as home offices.
Homeworkers became an increased target almost overnight. Traditional phishing attempts, ransomware threats, as well as email and social media scams have accelerated. While sophisticated tech companies and highly regulated industries including financial services, insurance and healthcare are generally better prepared, organizations that have delayed their digital transformation have suddenly found themselves caught off guard. They had to manage a sudden and drastic shift to digital-first operations while dealing with security threats. It’s no wonder we saw stories of ransomware and cybersecurity breaches almost daily in the first year of the pandemic.
THQ: What are the main cyber threats that have captured the attention of UK and European industry and businesses?
NT: Cyber scams targeting end users are at an all time high, which should come as no surprise. The weakest point of any system is human inexperience and error. The average employee operating on untrusted networks and insecure devices represents the path of least resistance for crooks, where they can operationalize ransomware attacks that compromise valuable business data by accessing sensitive data within corporate networks. ‘business.
Queen Maxima of the Netherlands (L) reacts as she stands with Britain’s Prince Edward, Earl of Wessex (2L) and looks at an ioLight digital telescope during the UK-Netherlands Innovation Showcase in 2018. (Photo by Daniel LEAL / POOL / AFP)
Less expert organizations are still wondering how to securely manage and share sensitive data with end users. Often, workers lack basic knowledge of cybersecurity and data governance and, unfortunately, are simply careless when dealing with data outside of a traditional corporate network.
THQ: How does the pervasive cyber threat landscape pose a danger to supply chain security in the region?
NT: The pandemic created the perfect storm. Businesses are more dependent than ever on supply chain partners, while having less visibility into them and having to rely on a diverse supply chain ecosystem which naturally increases the risk of cyber threats. Underlying all of this is a complex data flow, where any change – such as working with a new third party, where traditional governance controls need to be adapted to the new operating environment – brings an increased degree of risk.
Any cyber threat to supply chains is amplified due to the potential for catastrophic results for our interconnected just-in-time systems. Look at how chip supply shortages are affecting industries around the world, then multiply them by ten. A ransomware attack that knocks the ports of a single country offline could instantly cripple entire industries.
Today, hackers are able to exploit systems that were once quite reliable. Supply chain controls that detect abuse and extend the visibility of threat information must be adapted, while new risk assessments must be performed and new policies put in place to prevent data leaks.
THQ: How can data and, in particular, data analytics help determine the state of digital supply chain security readiness in the UK?
NT: Understanding digital supply chain security readiness starts with a risk assessment. Fortunately, existing data governance tools can be used for UK digital supply chains. Data governance has been adapting for some time from on-premises to cloud and distributed environments. It is therefore not very difficult to expand visibility when adopting new business models hosted in the cloud.
Data discovery and lineage information is an essential first step in understanding what sensitive data is at risk in the supply chain. This visibility can support risk assessment tools to measure exposure and, ideally, be linked to automated data protection based on high-priority threats. For example, a company can mask specific data during order fulfillment when records are provided to a third party, ensuring that no unnecessary or sensitive personal data is exposed during transmission.
THQ: What are the changes in the plans proposed by the UK government that are improvements on past decisions on cybersecurity?
NT: There are proposed new laws in the UK that aim to address security weaknesses and gaps, primarily through the Product Security and Telecommunications Infrastructure Bill. This legislation would establish basic security in connected devices, even going so far as to ban universal passwords by default.
New cybersecurity proposals, such as the National Cyber Security Centre’s Cybersecurity Assessment Framework (CAF), are another important initiative to help close the gaps in the current cybersecurity landscape. The first step to understanding new threats is assessment, and the CAF is a tool to systematically assess readiness and resilience to mitigate cyber threats.
In its efforts to raise the bar on security through meaningful legislation, the UK is arguably in a leading position to help protect its economy from the impact of cyberattacks.
THQ: Do you think the new plans will have enough security positives for UK businesses and digital supply chain fulfillment partners?
“Proponents of data security and personal data privacy live by simple truths, one being that security risk management is a journey rather than a destination. We don’t know if the risk can ever be completely eliminated, but we can take steps to reduce our exposure to attacks and avoid being exploited – or at the very least, mitigate its impact.”
“Any effort that raises awareness about protecting what we value most, sets new standards and starts a conversation about how to improve the new status quo can only help us stay ahead of the attackers and negligent parties.”
