Protecting Supply Chain Operations With Better Cybersecurity Awareness
Today’s industry professionals can help mitigate the risk of cyberattacks by serving as advocates to offer better support.
November 12, 2024
At a Glance
- Supply chain cyberattacks are rising globally, with the medtech sector particularly vulnerable.
- Experts recommend proactive cybersecurity collaboration with suppliers.
- Ashley Mancuso will address advancing cybersecurity in supply chain operations at MEDevice Silicon Valley next week.
As the rate of cyberattacks continues to increase worldwide, certain types of targets are becoming more attractive and lucrative to criminals. Among the more threatened targets today are the global supply chain and the collective software connected to it. Much like with the healthcare industry, the interconnected nature of the supply chain and an increasing collaboration with third-party vendors to meet the needs of customers provide a wealth of resources that are worth infiltrating.
This creates the potential to cause wide-ranging disruption when targets are compromised, giving attackers opportunities to make extravagant demands when victims attempt to recoup their losses.
According to Statista, approximately 183,000 customers were affected by supply chain cyberattacks globally in 2024 alone. As the ever-evolving landscape of supply chain operations continues to become more reliant on digital technology, it’s becoming more important for organizations to enhance their cybersecurity posture.
During the upcoming MEDevice conference in Silicon Valley, CA, Ashley Mancuso, vice president of medtech BISO and product security at Johnson & Johnson, will provide one of the keynote sessions on “Advancing Cyber Security in Supply Chain Operations.”
Mancuso recently participated in a Q&A with MD+DI to discuss how today’s stakeholders in the medtech industry can play effective roles in protecting supply chain software from future attacks.
What are common examples of cyber threats today that particularly impact the medtech industry and the supply chain?
Mancuso: “Manufacturing is among the most targeted sectors by cyber criminals, with 55% of manufacturers in 2021 hit by ransomware attacks. The inherent complexity of ensuring robust cybersecurity across interdependent supply chains, which involve collaboration between operations, manufacturing, and distribution sites, presents challenges. However, there are ways organizations can strengthen their resilience. As companies build interconnected supply chains and often rely on a network of vendors for essential services, it’s vital to understand and align on the security protocols that each vendor follows. By fostering a culture of cybersecurity collaboration among vendors, organizations can collectively close the door on potential vulnerabilities that cybercriminals might exploit.”
“Moreover, the increasing incorporation of Internet of Things devices into supply chains, while beneficial, highlights the importance of vigilance. These devices can serve as potential entry points for cyberattacks. But by implementing strong security measures and adopting best practices, teams can help to mitigate the risks. Regulatory compliance is another critical area to reinforce cybersecurity efforts. By adhering to established standards, companies can not only protect themselves from threats but also can enhance their reputations and avoid financial penalties.”
What unique considerations are there today when it comes to fortifying defenses against cyber threats in supply chain operations and medtech?
Mancuso: “In modern supply chain environments, the growing demand for connectivity and data and analytics is driven by the need to proactively manage digital supply chain environments, such as with preventive maintenance. As supply chains become more digital, there should be a shift from the traditional model of segmentation towards more innovative approaches, enabling increased connectivity. Organizations must leverage advanced technologies to analyze data in real-time, enabling them to anticipate and address potential issues before they escalate. This transition not only enhances operational efficiency but also underscores the importance of creating agile and responsive systems that can adapt to changing conditions and improve overall supply chain resilience.”
“The increasing digitization and operational complexity of medtech and supply chain, including intricate networks of suppliers and manufacturers, also underscores the necessity of more advanced security protocols. This requires a cyber strategy that safeguards physical assets, including unique operational technology, or “OT devices,” while ensuring the integrity and confidentiality of data and operational availability. Overall, companies should adopt a holistic approach to cybersecurity, incorporating continuous monitoring, real-time threat detection, and agile response mechanisms to adapt to emerging vulnerabilities.”
What are examples of innovative technologies and/or tools that can improve risk sensing and response capabilities today?
Mancuso: “Data and advanced analytics, pattern recognition, and automation capabilities of artificial intelligence (AI) are exciting areas of technology that can help enhance threat detection and response time. As a company, we are committed to keeping people at the center of our work – leveraging AI and digital technologies to help us work smarter and faster, but never removing the critical role of human care and intelligence.”
What are the best steps to implementing proactive engagement with suppliers, partners, and stakeholders?
Mancuso: “It's crucial to engage proactively with suppliers, partners, and stakeholders. This involves establishing clear communication channels, conducting joint risk assessments, and implementing standardized cybersecurity requirements. Providing training and resources helps partners understand risks, while regular security audits ensure transparency and accountability. Collaboration on incident response planning and fostering a culture of security among all parties is essential. Additionally, monitoring for vulnerabilities regularly helps adapt to evolving threats.”
What does it mean for employees to be empowered to act as cybersecurity advocates?
Mancuso: “When employees are empowered to act as cybersecurity advocates, they become integral to the organization’s security framework. This empowerment involves providing them with thorough training on cybersecurity threats and best practices, which helps them to understand the critical role they play in protecting sensitive information.”
“Empowered employees feel comfortable speaking up about potential security risks, and are given the tools and resources to identify and mitigate these risks, if and when they arise. They take ownership of their responsibilities regarding cybersecurity, understand policies, and take part in organized trainings that reflect their real-world experiences. By creating a culture that recognizes and rewards proactive contributions to cybersecurity, organizations foster an environment where everyone actively helps safeguard the organization’s digital assets. Ultimately, this collaborative approach enhances security and reduces vulnerabilities across the board.”