May 13, 2019

Llamasoft: Ensuring supply chain resilience in the face of cyber threats

Risk Management
Don Brenchley
5 min
Don Brenchley, Director of Industry Strategy, LLamasoft, argues that cyber attacks on supply chains may be difficult to predict, but with the right data and the right platform in place, organisations can prepare for the worst, even if the worst never happens

In early March, the UK government warned in a press release that, while awareness of the threat of cyber attacks has increased, organisations must be doing more to prepare for and protect against the potential impact of cyber attacks.

Countless high profile attacks in recent years have highlighted the fact that organisations of all types and sizes are susceptible to cyber crime. The creation of CSO (Chief Security Officers) and CISO (Chief Information Security Officers) executive roles, responsible for ensuring the physical and cyber security of leading organisations, is a telling sign of the times.

For organisations operating complex, global supply chains, cyber attacks join a list of existing threats and disruptions that they must contend with, such as political unrest, changing taxes and duties, shifting consumer expectations and the growing demand for sustainability.

In 2017, shipping conglomerate Maersk fell victim to what has since been labelled the most devastating cyber attack yet. The conglomerate was targeted with an exploitative ransomware called NotPetya which gained entry to its IT systems through outdated software patches in its accounting software. The malware spread throughout Maersk’s global network, effectively shutting down its operations at 76 ports. The estimated cost of the attack on the company’s operations was a staggering $200-300mn.

An ever-present threat

It’s not just the principal target of an attack that is affected. Countless businesses that rely on Maersk’s shipping services would have been impacted by the NotPetya attack. But for each of those businesses, the risk doesn’t just lie in the third party organisations they deal with. Their own assets could easily be targeted in cyber attacks, potentially wiping out critical supply lines.

There’s no doubting that supply chains are at risk, so what can businesses do to safeguard supply chain continuity in the face of a cyber-attack? To ensure resilience in the supply chain, businesses need to be able to prepare for the unknown.

By exploiting software vulnerabilities, NotPetya was able to circumvent antivirus software. The fact that a leading global shipping conglomerate’s security measures weren’t enough to stop such an attack highlights the severity of the threat to any other business. With cyber attacks becoming increasingly sophisticated, it’s difficult to envisage the point at which absolute protection can be guaranteed.

Based on the rate at which attacks seem to be taking place, predicting and preventing such attacks seems near impossible. In 2018, cybersecurity firm Malwarebytes warned that cyber attacks on businesses had surged by 55%. While there’s no escaping the threat of a cyber attack one day impacting the supply chain, whether through an attack on a business’ own assets or those of a supply chain partner, businesses need to be able to ask, and answer, difficult questions. What would the cost be if one of your facilities was taken out by a cyber-attack and you had to move production to another facility? How quickly could you restore service?

To benefit from reliable answers that will inform an effective strategy for dealing with such an attack, businesses need the ability to test ‘what-if’ scenarios. Technology that enables this will be key to contingency planning against potential cyber threats.


Preparing for the worst, even if the worst never happens

Fortunately, it’s not all doom and gloom. As existing forms of attack continue to wreak havoc and new forms of attack materialise and make new headlines, businesses can use technology to test the impact of different types of attack and their different outcomes, simulating different strategies to cope with the fallout.  

Supply chain modelling technology that allows businesses to build digital models of their physical supply chains is readily available. With this technology, businesses can test ‘what-if’ scenarios and inform contingency planning through a process that is becoming commonly referred to as ‘digital twinning’.

By feeding data from the supply chain into the modelling software, businesses can build a digital model of their physical supply chain. Different scenarios such as moving production to different facilities can be tested in this safe, risk-free digital environment without impacting the physical supply chain. If one test scenario fails to provide the desired results, the model can be reset and new scenarios can be tested.  

What to look for in supply chain software

There are other applications that this technology can be used for beyond contingency planning against potential cyber threats. The technology has also become an essential tool for testing supply chain scenarios that help businesses contend with other modern challenges such as increased sustainability or protecting the bottom line against trade wars and tariffs.

Organisations reap the greatest benefits by investing in supply chain design and decision making software that provides one single end-to-end supply chain data model and reference system. It should provide visualisation of your existing supply chain in its current state, complete with descriptive and diagnostic analytics. It should enable decision making in a risk-free digital environment with predictive and prescriptive analytics and feature custom built apps that allow those decisions to be put rapidly into action.

In the age of ransomware, weaponized email attachments and other malicious cyber threats, businesses operating complex supply chains must start thinking about when, rather than if, a cyber attack will impact them. To lessen that impact the best they can, businesses must invest in supply chain modelling technology that provides a risk-free testing environment for multiple scenarios, providing readiness and resilience in the face of escalating cyber threats.

Don Brenchley, Director of Industry Strategy, LLamasoft

Don is a retail supply chain and IT management professional with an exceptional range of commercial experience, and is highly respected by colleagues in the global supply chain community. His experience includes management roles with blue chip organisations including Procter and Gamble, J. Sainsbury and Safeway. This practical experience has been invaluable in later leadership roles with consulting and retail technology organisations.

He matches pragmatism with innovation and thought leadership to help scope world class capabilities in leading organisations. He is a champion of the collaborative supply chain and believes fervently that technology is part of the supply chain and not apart from it.


Jul 7, 2021

ServiceNow pumps millions into EU service compliance

Schrems II
2 min
ServiceNow has announced a multimillion euro investment in EU services, providing customers even greater trust, choice, and control over their data

ServiceNow, the digital workflow company, has announced a multimillion euro investment to help EU customers meet compliance requirements.

The legal, technical and organisational safeguards will help companies to comply with the Schrems II judgment and European Data Protection Board (EDPB) Recommendations issued in June 2021.

ServiceNow’s investment means all EU-hosted data will be exclusively handled within the EU, and the cloud-hosted digital workflow provider claims its solution will come “without impact on current delivery and service”.

ServiceNow upgrade: free of charge

There will be no cost for current customers to opt in to the data compliance solution, even though ServiceNow is investing an unspecified multimillion euro sum and hiring more than 80 new staff across the bloc.

Mark Cockerill, vice president legal, EMEA and global head of privacy at ServiceNow, said: “With any regulation change, cloud services companies have a choice. They can adopt a ‘wait and see’ approach or get proactive and help customers and partners innovate. At ServiceNow we are on the front foot, continually investing in our customers, allowing them to operate with the highest level of choice and control over their EU data.

ServiceNow upgrade: ‘peace of mind’

“Our new EU-centric service delivery model will give our current customers and partners peace of mind. For customers and partners operating in highly regulated industries, or in the public sector, or those that have yet to make the switch to the cloud, this model gives them certainty and simplicity when selecting the cloud service that best suits their needs.”

Carla Arend, lead analyst, cloud in Europe for IDC, said: “The Schrems II ruling has led European organizations to revisit their cloud-related data protection policies and processes when it comes to international data transfers through cloud services.

“Contractual, privacy, and security safeguards and the assurance that data will be kept and handled in the EU help European organizations to comply with European data protection laws while taking advantage of global cloud platforms. Vendors, such as ServiceNow, that invest to support their customers in response to this ruling are providing essential choice to their customers.”
