On May 30, JBS, the world’s largest producer of beef and pork was hit with a major ransomware attack. The outage impacted the company’s operations in the USA, Australia and Canada. The growing trend in ransomware attacks highlights the vulnerability of organizations in many industries.
As attacks grow in size, the supply chain effects become evident
The JBS outage comes only a few weeks after the Colonial Pipeline ransomware attack that impacted half of the East Coast’s gasoline distribution, and a few months after major healthcare facilities were hit. There is an indication that the size of these attacks is now beginning to affect supply chains.
The direct cost from lost operations, and the payment of ransoms aren’t the only concerns. There is clearly a domino effect that can occur in supply chains. Each organization usually depends on key players in an industry.
Even in small business environments, there is almost always a key supplier that impacts the operation of many others up and down the chain. And when one of these entities gets hit with a cyber-attack, it can have major, unexpected consequences. In particular, the largest businesses will need to start enforcing cybersecurity standards on their supply chains. This is an attempt to reduce the risks of cyber-attacks knocking out key links in the chain, and spreading from one supplier to another.
Standards are good, but the key is in developing and monitoring cyber security proficiency of employees
To strengthen security in these supply chains, we are already seeing a new trend in standards such as SOC 2 and the Cyber Maturity Model Certification (CMMC) among even small service businesses and manufacturers. The intent is to make the supply chain more resilient through employee awareness of security requirements. But while standards compliance can show visible action on the surface, it doesn’t mean that there is significantly less risk from employees being vulnerable or making poor risk decisions.
The businesses working to become compliant with these standards may still be vulnerable after a certification is achieved. This can be especially true if their staff don’t take the requirements of the standard seriously. In fact, they may still not even really know how to implement the security procedures that are intended to protect those business systems.
The best way to ensure that these standards are followed is through a full program of proficiency training and exercises that engage all employees to defend the business’s systems and data. Simulations and gamified challenges effectively engage employees and improve their knowledge retention.
Did you know that Click Armor’s gamified simulation solution has been shown to improve employee proficiency in handling phishing threats by up to 50%?
We can provide gamified challenges and simulations in many risk areas. We can also do gamified assessments for teams, without the need to register employees. You can try a simple gamified phishing assessment at www.canibephished.com to test your own phishing awareness skills.
Contact us to learn more.