Ivanti: Social Engineering a Threat on Supply Chain Security
In an era where digital transformation is reshaping industries, the supply chain sector finds itself at a critical juncture.
The modernisation of warehouses, coupled with the proliferation of Internet of Things (IoT) devices, has ushered in unprecedented efficiencies. However, this technological leap forward has also exposed vulnerabilities that cybercriminals are eager to exploit.
Yet despite all this added attack surface, it seems supply chain managers may be looking in the wrong place when examining cyber vulnerabilities.
Ivanti's recently released report on Supply Chain and Warehouse Trends in 2024 highlighted the human element as a significant weak link.
A surprising vulnerability
Ivanti's research reveals a startling statistic: 32% of warehouse respondents report that social engineering is one of the most-used entry points in warehouse cyberattacks, on par with software vulnerabilities (32%) and surpassing device-based attacks (19%).
Social engineering is known to be attractive to attackers because it is often the path of least resistance. Even so, it is surprising that attackers who have so many options, including often poorly secured IoT devices, still choose to attack this way.
This finding underscores a critical oversight in many cybersecurity strategies, challenging the conventional wisdom that focuses primarily on technological solutions, such as firewalls and intrusion detection systems.
One alarming example from the report found 54% of office workers were unaware that advanced AI could impersonate anyone's voice.
This knowledge gap goes to show why there is a clear pathway for threat actors.
The survey indicates that 59% of workers have received cybersecurity training, with 86% of those feeling responsible for keeping the warehouse secure from cyber-attacks, and 90% proactively practising cyber hygiene in the warehouse to prevent cyber-attacks.
Although training and education have served as a first line of defence for years, the speed at which AI is evolving doesn't allow training to keep pace.
Plus, of course, this statistic leaves 41% of workers with no cybersecurity training.
Such incidents can result in significant operational downtime, tarnishing a company's reputation and inflicting substantial financial losses. Moreover, given the vast amount of data warehouses possess, hackers may gain access to sensitive customer information, severely impacting trust and loyalty.
Despite these high stakes, the report reveals a concerning lack of urgency among some industry players. According to supply chain managers, cybersecurity is a top concern for only 58% of warehouses, whilst a worrying 13% do not view it as a concern at all.
The report highlights a disconnect between current budget priorities and the looming cybersecurity threat. Supply chain managers are allocating the majority of their budgets to sourcing and procurement (41%), workforce productivity (40%), automation technologies (39%), and lowering operating costs (39%).
Whilst these are undoubtedly important areas, the relative neglect of cybersecurity investments is concerning.
“The supply chain industry has been slow to adapt to the evolving cybersecurity landscape. With the rise of warehouse modernisation, the proliferation of IoT devices and the growing rate of cybercriminals targeting this industry, the risk of damaging cyberattacks has significantly increased,” said Daren Goeson, SVP Product Management, Unified Endpoint Management at Ivanti.
Treating social engineering
Social engineering is a sophisticated cyber attack strategy that exploits human psychology rather than technical vulnerabilities, targeting the most unpredictable component of an organisation's security infrastructure: people. These attacks manipulate individuals into divulging confidential information or performing actions that compromise system security by leveraging psychological triggers such as trust, fear, curiosity, or urgency.
One of the most common ways to deal with social engineering is with employee training. Yet, as mentioned, with gaps in training and the growth in AI making it increasingly difficult to tell fact from fiction, this becomes problematic.
Therefore, Daren suggests a technical solution for a human problem: “Warehouse and supply chain managers must adopt a multilayered approach, utilising advanced training and unified endpoint management (UEM) solutions to help mitigate or prevent human error.”
Regardless of operating system or location, UEM enables security and IT teams to discover, manage, configure and secure every device in the warehouse from one simple interface.
This way, if one system is infiltrated, systems are in place to stop the attack spreading.
Beyond that, the report recommends operations IT professionals support warehouse deployments with strong password policies, set system access protocols (e.g., minimum necessary access), require data management software, force updates and, in worst-case scenarios, force lock-out and purge features.
Additionally, UEM provides visibility into applications installed on devices — meaning necessary applications can be pushed onto devices, or unwanted applications can be removed.
Keeping supply chains safe
As the supply chain industry continues to evolve, so too must its approach to cybersecurity.
By recognising the significant role that social engineering plays in modern cyberattacks and implementing a holistic defence strategy, warehouse and supply chain managers can build the resilience needed to thrive in an increasingly digital landscape.
UEM may play an increasingly important role in keeping warehouse operations secure as the nature of attacks, and their increasing focus on the human element, develop.
Cyber Magazine is a BizClik brand