
Insights into Supply Chain Cyberattacks: From Ports to Production

While cyberattacks have taken place in a variety of forms since the 1990s, the threat has become more palpable and acute in the past decade, with businesses increasingly relying on networked systems and the internet of things (IoT), especially in the logistics and supply chain space. In a recent survey conducted by the American cybersecurity technology company CrowdStrike, 66% of IT decision makers said their companies had suffered a supply chain cyberattack in the past 12 months, bringing to light a threat that many considered an abstract concept.

In 2016 and 2017, the number of data breaches caused by a third party in one’s supply chain due to negligence rose 14%, while no-fault data breaches rose 23%. Whether the risk stems from a virus, an internal bug or an insider threat within one’s organization, the effects on the production line, distribution network, shipping and supplier communication, or even residual risks left over from a terminated vendor relationship, pose considerable danger to firms and beyond. Moreover, the scope with which cyberevents must be observed and mitigated requires an ever more invested and communicative approach to ensure that when the inevitable does occur, all parts of one’s supply chain can effectively work together to defend and keep operations on track.

Knowing what each type of cyberattack entails can facilitate understanding, communication and coordination throughout one’s supply chain. The most well-known cyberattacks affecting supply chains include data breaches, ransomware, denial of service, vulnerabilities and phishing. See the chart for how these threats work.

Type of Cyberattacks

2017: Tipping Point for Supply Chain Cyberattacks

The U.S. National Counterintelligence and Security Center declared 2017 a “watershed” year for cyberattacks made via supply chain infiltration, with an escalation of 400% since the previous year. This represents only known incidents; the number of unrecorded incidents is anticipated to be far higher. That year saw seven significant supply chain cyberattacks, a notable one of which was the worldwide WannaCry attack, which caused a multi-continental ransomware lockout that cost a single shipping line over $300 million. Other events in 2017 include the NetSarang breach, which entailed an 18-company backdoor hack affecting major IT manufacturers, resulting in the theft of information from energy, manufacturing, pharmaceutical, telecommunication and transportation companies, among several others.

2018: Supply Chain Cyberattacks Surged

Ever since the global outbreak of WannaCry and NotPetya, manifestations of cyberattacks have been relatively contained in comparison, yet with considerable potential for proliferation. In recent months, companies have been increasingly vulnerable to these proliferations. From May to September 2018, there was an average of seven cyberattacks per month. One of the most prominent was the COSCO Shipping outage on July 24, 2018. After initially manifesting at the Port of Long Beach, the attack against the shipping firm spread across nine countries on two continents. Moreover, the threat actor, named Leafminer, has targeted business verticals in finance, energy, telecommunications, construction and more across Iran, Azerbaijan, Afghanistan, Egypt, Israel, Saudi Arabia, Lebanon, Jordan, Kuwait, the UAE and Qatar.


To prevent and manage cyber-risks, firms are advised to have a response plan, which includes implementing risk control processes to detect threats in the early stages:

  1. Identify risks: Determine which vendors or third-party entities may have access to your firewall and could have the highest impact on your organization in the event of a cyberattack. When selecting possible vendors to work with, it is best to consider the amount of sensitive data that the vendor is handling, such as personally identifiable data, protected health information or financial transactions such as bill payments, and assess the measures needed to ensure data security.
  2. Monitor incidents: As cyberthreats are continuously evolving and news reports of incidents become known, it is a continuous effort to assess and understand events impacting the vendors or third-party entities that your organization works with. The ability to persistently monitor one’s supply chain and the cyberthreat environment will be the best determinant in responding adequately to an incident.
  3. Assess potential impacts: Organizations should be aware of the potential effect on their business operations and assess the areas of vulnerability from multiple angles so as to understand the areas that are likely to be hit first. By understanding the risks to your supply chain through the strength of your network, ability to counter a hack, recover and evaluate exposure, one may strengthen the supply chain as a whole.
  4. Develop risk scenarios: Develop potential threat scenarios and plan for each situation, including the resources required and the expected impact of a particular risk. Response processes that include technology and human intelligence analysis are likely to be required. Protocols and emergency response teams should be established and understood by all parties once the cyberattack unfolds.
  5. Response actions: Once a threat has been identified, it is imperative to investigate the matter and cascade information in a timely manner to all relevant authorities. Once it is confirmed, organizations should inform affected internal and external stakeholders, and activate internal and external emergency response teams to rectify the issue.

In addition to having a response plan in place, companies should follow three overarching principles that can best prepare them for potential vulnerabilities in the supply chains in the context of cyberspace:

  1. Accepting the inevitability of an attack
  2. Ensuring continuous monitoring
  3. Communicating across one’s supply chain to ensure a consistent standard

2019 and Beyond

Cyberattacks are one of the biggest threats to supply chains in the years to come, and one that is expected to worsen with time. With mitigation as early as possible serving as the credo for businesses, persistent monitoring, awareness and communication will be crucial to remain on top in this new threat environment. As such, businesses should seize the earliest opportunity to incorporate supply chain visibility and cyberincident monitoring tools into their daily operations to stay abreast of developments.

Daniel Boccio is an analyst for DHL Resilience360.