From One Crisis to the Next: Supply Chain Issues and Climate Change


On the face of it, cybersecurity and climate change couldn’t seem more different. While both are major threats that carry real-world risks, they tend to be tackled by organizations as separate issues, and the term “climate change” is rarely discussed among IT leaders and security teams.

However, not only are both very real threats that are expected to only accelerate in the future, but they are more intrinsically connected than you might think. In fact, some experts believe that climate change is the biggest security threat that mankind is facing.

The many supply chain issues and cybersecurity

As demonstrated by the COVID-19 pandemic, major world events can have a huge impact on cybersecurity. As organizations shifted from office-based to remote working and embraced digital tools to facilitate this shift, cybercriminals were quick to take advantage; not only did hackers use coronavirus-themed lures in their social engineering attacks, but the number of ransomware attacks also increased by more than 500%.  

As well as launching more attacks than ever, ransomware actors also used the pandemic to turn their attention to bigger targets. This, in turn, had more devastating real-world consequences.

For example, JBS USA Holdings paid the equivalent of $11 million in ransom to put an end to a major ransomware attack that forced the company to temporarily shut down some operations in Australia, Canada, and the U.S. Similarly, the Colonial Pipeline ransomware attack, as it has come to be known, led to panic buying of gas and resulted in the company paying a $5 million ransom just one day after the attack occurred.

Russia’s invasion of Ukraine is another example of the impact a world event can have on supply-chain security. State-backed cyber criminals have used the war to further weaken global supply chains, with the Cybersecurity and Infrastructure Security Agency (CISA) warning that organizations both within and beyond the region need to be prepared for “malicious cyber activity against the U.S. homeland, including as a response to the unprecedented economic costs imposed on Russia by the U.S. and our allies and partners.”

A bigger supply chain crisis on the horizon

Many believe the climate crisis could lead to an even worse supply-chain crisis, with climate-related factors such as shifting weather patterns, resource availability, and mass migration introducing new or heightened risks in an already complex landscape.

This is particularly true for key sectors such as energy, water, and food production, which are likely to feel the most severe impacts of climate change over the next decade. Periods of drought could limit access to clean water, while heavy storms can knock out electricity and gas pipelines, potentially leaving people without power, heating and food. When such critical resources are threatened, they and the systems that supply them become highly attractive attack targets for malicious cyber actors — as we have seen during the COVID-19 pandemic. 

A recent cybersecurity advisory penned by the U.S. Department of Energy (DOE), CISA, the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI) warned about rising cyberattacks on Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA) devices as adversaries use custom-made tools to attack critical infrastructure. In the event that key resources become limited, the likelihood of nation-state actors or criminals taking advantage increases.

Another consideration is that the effects of climate change — from violent storms to drought-induced fires — can lead to power outages and take systems offline. Organizations that rely on data centers to deliver their services could find themselves unable to do so, leaving them vulnerable.

Instability, food insecurity, and widespread environmental damage also contribute to the kind of despair and hopelessness that leads to mass unrest and criminal behavior. Again, as we’ve seen during the pandemic, such desperation is likely to lead to an increase in financially-motivated scams and cyber attacks, as well as an evolution in hacking techniques as threat actors look for new opportunities to take advantage of social disruption and decline.

Building cyber resilience, with sustainability in mind

While proactive cybersecurity won't reverse the effects of climate change, it will help organizations to become more resilient. As the climate crisis worsens, businesses need to make supply chain security a high priority. As we’ve seen with the recent attacks on Colonial Pipeline and SolarWinds — an attack believed to have been carried out by Russia-backed actors that led to a number of major data breaches — the consequences of poor supply-chain security can be extensive.

A supply-chain breach can disrupt operations, lead to unnecessary costs and, in the case of key sectors, can disrupt the delivery of critical services to consumers and businesses. 

The challenge with supply-chain security is that unpatched vulnerabilities, misconfigurations, and poor cybersecurity defenses threaten not just the organizations that harbor them, but also their customers. Whether politically or financially motivated, threat actors are increasingly targeting smaller companies to gain access to bigger targets. 

In the face of worsening global crises, organizations need to minimize the risks of using software developed by another organization and secure organizational data accessed by other organizations in their supply chain. Just like the planet, hackers are evolving, so organizations cannot take for granted that the software they use or purchase is secure.

Find out how Endpoint Risk Analytics can help your organization with supply chain risk management and improve your resilience.

 
