Kentucky Fried Nothing

You can forget the Global Pandemic of 2020 and 2021 – but who can forget the catastrophic events of early 2018 when Kentucky Fried Chicken – ran out of chicken!?

I am a fan of KFC (other fried chicken restaurants are available) but was living in rural France when the disaster hit the UK and remember feeling slightly amused by the scenes on the news of disgruntled customers and people feeling like the Planet had stopped revolving because KFC no longer had any ‘C’.

The reality was of course that the impact was far more serious for KFC who lost a bucket load of money (see what I did?) and probably some loyal customers who suddenly found that Keighly Fried Chicken was just as finger lickin’ good.

Who was to blame? KFC blamed their supplier and delivery provider, the delivery provider blamed KFC, but somewhere in the system the supply chain broke. Regardless of who was to blame, it took a while to fix, revenue was lost and, dare I say it, lives were changed forever.

Fast forward to recent times and supply chain problems are still making the news.

The fact is that nearly all businesses and organisations rely on a supply chain to survive. That could be a supplier of goods, a provider of services or a cloud service provider. The organisation is only as strong and as well protected as the weakest link in that chain.

Service Level Agreements and other contracts are important and, in most cases, vital. But a contract only allocates responsibility after the event; it does not stop an attacker or make a supplier's systems secure. Supply chain vulnerabilities are here to stay and are only going to get worse.

Recent cyber attacks affecting Ticketmaster and the NHS in the UK were mounted against a supplier in the supply chain, not directly at the organisation that suffered as a result.

The NHS has categorised the attack as critical and, despite having robust business continuity and disaster recovery plans in place, lives are now at risk because of a ransomware attack against the supply chain. This type of attack is why the Computer Misuse Act 1990 (CMA) was updated nearly 10 years ago, by the Serious Crime Act 2015, with section 3ZA (Unauthorised acts causing, or creating risk of, serious damage).

The maximum penalty for this offence is 14 years' imprisonment, rising to life imprisonment where the act causes, or creates a significant risk of, loss of human life, human illness or injury, or serious damage to national security.

I am confident that the perpetrators of the recent attack on the NHS have the criminal intent of financial gain, as most ransomware attacks are for this purpose, but their actions have had serious implications for the health and wellbeing of patients and people who need medical treatment.

This attack shows how fragile our critical infrastructure can be when there is a weak link in the chain, and what the implications of those weak links are.

The weakest link in the chain is the people who look after it. After all, people can be too trusting or too lazy (that is not a slur, it is human nature), and it once again reflects the fact that cyber security is not just a techy ‘IT’ thing but a people thing.

There are lots of moving parts to an organisation, and the bigger the enterprise, the more links in the chain. The longer the chain, the bigger the risk.

Risk analysis and assessment, threat and vulnerability scanning, auditing, working alongside Governance, Risk and Compliance, testing systems, defence and response, monitoring, reporting and user awareness training: that is cyber security (it is not just about hacking stuff).

Recent events, and I predict future events, will highlight the fact that cyber security is a constantly evolving playing field and a great career path for anybody who cares about people (not just hacking stuff).

Link Long & Prosper