Last week, an unprecedented cyberattack crippled many popular websites — including Twitter, Netflix, PayPal and Reddit. While the size and breadth of the attack made lots of headlines, the truth is that similar cyberattacks are waged every single day, and they could pose a risk to your business or your supply chain.
While there is no way to completely mitigate the risk of a cyberattack like the one carried out last week, understanding the nature of the attack and taking a proactive approach to cybersecurity, can prove helpful — especially as businesses (and even factories) become increasingly connected to, and reliant on, the web.
While you likely have heard of many of the sites impacted by the attack, chances are you haven’t heard of Dyn, which was the actual target.
Dyn is one of the largest Domain Name System (DNS) service providers in the world. Essentially, they act as a digital phone book — when you type a site into your browser, Dyn translates the words into a series of numbers (IP addresses), and connects you to the content.
On Friday, October 21, hackers flooded Dyn with a barrage of hijacked web traffic that knocked their servers offline. This type of attack is called a Distributed Denial of Service (DDoS). Reports indicate that a large portion of this malicious traffic came from infected Internet of Things (IoT) devices, such as DVRs, webcams, routers, etc.
Fortunately, by Friday evening, Dyn was able restore service, and the attacks eventually ended.
How can DDoS attacks disrupt manufacturing and supply chain professionals?
There are three ways that DDoS attacks can impact manufacturers and procurement professionals:
Restricting access to your site: This is obvious: if customers and prospects can’t reach your website, they could become frustrated and turn to a competitor. If you are an eCommerce-based business, these types of disruptions can be especially painful.
In addition, these attacks can disrupt access to your intranet or internal sites, which can make it difficult to share information with sales people, distribution channels, and even customers.
Preventing you from using tools and information you rely on: Losing access to news and social media sites can be frustrating; but not being able to access business-critical tools can be downright devastating.
With many manufacturers and supply chain organizations growing increasingly reliant on cloud solutions for everything from email to RFx hosting, a DDoS attack could make it difficult to simply do your job.
Taking control of your IoT devices: The Internet of Things offers tremendous benefits to job shops and manufacturers, and these advantages can be a boon to the supply chain as well. However, the connectivity inherent to IoT can also pose a significant challenge.
Hackers were able to take control of household IoT items in last week’s attack. However, IoT devices in your warehouse — or the warehouses of your suppliers — may be used in the future. Unfortunately, it’s often very difficult to tell when, and if, an IoT device has been compromised.
So what can you do?
Cyberattacks of the size and scale perpetrated last week are rare, and they cannot always be prevented. After all, Dyn is one of the most technically advanced companies on the planet, and they still fell victim to the attack.
However, you are not defenseless. There are measures you can take to reduce the likelihood of being attacked and to limit the fallout should a cyberattack occur:
- Leverage IT as a strategic partner: Given the high stakes of today’s cyber threats, manufacturers and procurement professionals need to leverage the expertise of their counterparts in IT. Bring IT into your conversations; let them know more about your business-critical tools; and ask for their security suggestions. If you don’t have an IT department, consider working with a consultant who is proven in your industry — don’t just rely on a friend of a friend or some random person in the phone book. Take security seriously.
- Educate your staff: Cybersecurity training should be part of every employee’s onboarding process, much like HR training. Set the ground rules for what devices can and cannot be used in your facilities, explain proper protocols, and make sure everyone understands the importance of following the guidelines.
- Weigh the pros and cons of IoT: IoT is the future, but it poses security challenges today. Before investing in connected technology, be sure to investigate the potential risks involved as well.
- Be ready to respond: If a cyberattack does impact your business — either directly or through a site or service you rely upon — you should have a communication strategy in place to inform your staff and your customers. Transparency is crucial.
In an increasingly connected world, buyers and suppliers alike need to recognize cyber risks and take a more proactive approach to protecting their organizations online.