Once upon a time, in a world long, long ago…well actually not that long ago, there was an enterprise. This enterprise had control. It controlled who accessed its applications and data; it controlled who took that data outside of its company walls. It was a fine kingdom, protected by a strong wall.
Then the Internet happened. The enterprise could no longer keep everything inside the kingdom walls. The walls started to break apart and the company had to look at new ways to protect itself.
The short story above is a very simplified history of what has happened to organizations of all types and size, across every industry sector in the last ten years. We all are now very aware of the changes to the organization perimeter, how it has been extended and then made fuzzy. How the tools to control the cyber security threats have had to evolve to handle this change.
Now, just when we have gotten used to the extended enterprise perimeter, a new technology has entered our kingdom, not only making the perimeter fuzzy, but also smashing it apart. This technology is the Internet of Things or the IoT.
Supply chains can be complex and convoluted. If you were to map one out on paper, including all of the possible tiers of suppliers, it could end up looking like something only a mathematician could understand. The IoT has just taken this complexity and added an order of magnitude to it. The IoT is big and getting bigger. Gartner have predicted that by 2020, half of all new business processes will incorporate some element of the IoT. These new elements are adding more ‘moving parts’ to the chain; and of course, any additional point is a potential point of failure. In our Kingdom analogy, it is like the castle walls have fallen away almost completely.
As we know, the supply chain can work like a domino effect. If one domino is knocked over, it hits any connected dominos until the whole chain falls over. One example of many was with the car manufacturer, Citroen, where a breach of customer records took place. In this case, it was a supply chain member, a site selling Citroen related gifts that opened the doors to the kingdom. Hackers added a backdoor to the sales site using an Adobe ColdFusion vulnerability. The impact isn’t always just direct loss of data, etc. either, reputational loss, from association can also be very costly to a brand. Simply put, any application or device (IoT or not) across the supply chain is a domino. If each part does not have the correct security in place, the rest of the chain is impacted – security is the responsibility of every member of the supply chain because it has the potential to impact every member.
The IoT is a force for both good and bad. The World Economic Forum in their Global Risks 2015 report stated that, “While the “Internet of Things” (IoT) will deliver innovations, it will also entail new risks.” In terms of the supply chain, the IoT will add a whole new level of complexity to the chain. But the Internet of Things is also a force for good. The IoT can certainly improve supply chain processes and logistics. One of the key offerings of IoT devices is the data the devices can generate. This information can be used to analyze processes, creating a more demand driven chain, improving logistics and ultimately cutting costs. However, it is the very benefit of the IoT that is also its potential security downfall. As more IoT devices are used to make the chain more efficient and data focused, more points of failure are added to the chain. All of these new devices and things need to have security risks analyzed. The risk assessment of such complex chains is in itself, highly complex. More devices increase the risk of breach and therefore more points in the system need to be secured.
And of course, as expected, cybercriminals will exploit this new technology. Gartner have said that on the back of the IoT a ‘black market’ will take shape, selling fake IoT sensors which can then be used for cybercrime. Without due care, these sensors will then become an intrinsic part of the overall supply chain, creating baked in security holes and back doors. If your chain becomes infected with a spoofed IoT device the whole chain is compromised.
The use of the IoT within a supply chain offers us focused intelligence. We can use the data generated to improve chain efficiency, make more informed decisions and offer better services to our customers. But we must recognize, this sea change in the way we generate data and extend our touch points, brings with it new security challenges and increased risks. To ensure the benefits of the IoT out way the risks, we need to ensure that we take those risks seriously and put measures in place to mitigate them. Only with insight, analysis and knowledge of effective security measures can we ensure that the IoT becomes a kingdom maker, rather than a kingdom destroyer.