The COVID-19’s pandemic’s effect on physical supply chains has been discussed quite extensively, but the increased reliance on digital technology has also increased the risk on virtual supply chains. Disruption of virtual supply chains now has greater impact on businesses and economies, and this impact is only likely to increase in the future.
“The virtual supply chain has the potential for a cyber incident or event to disrupt relied-on technologies and impact the digital assets that a company uses, including communications technologies, hosting technologies, information technology, and software,” said Bethany Vohlers (pictured above), vice president of cyber solutions at Verisk. “For a large company, this can impact the software or providers that they use to store information, access data, and conduct day-to-day business. If those providers are affected by a cyber event, that could trickle up the supply chain and have a tremendous business impact to companies who rely on it.”
According to Vohlers, a disruption in the virtual supply chain can also cause a disruption in the physical supply chain, compounding its effects.
“We saw this with the Colonial Pipeline event last year, as this was a loss event initially triggered by a cyber attack, but which ultimately manifested as disruption to the physical supply chain since it impacted the availability of a physical asset – oil and gas,” she said. “This led to an even more significant impact to businesses who relied on gasoline to operate, generating additional disruptions down the line.”
The recently concluded Winter Olympics is an example of a major event that had to contend with virtual supply chain risks in order to proceed smoothly. Organizers had to closely work with the broadcasters, sponsors, and suppliers who make the event possible.
“With spectators still limited, we are relying even more heavily upon technology than usual to stream content, save content, and monetize the event virtually in new ways,” Vohlers said. “Should a broadcaster or sponsor be impacted, this could take down services and lead to a media blackout or a loss of content. The resulting contingent business disruption can trigger lost viewership and a significant amount of lost revenue from a disruption of that magnitude.”
One major cause of disruption risk managers should look out for is ransomware which can spread malware far beyond the initial target.
“If a bad actor were to target a supplier’s third-party vendor software or even its hosted services, they could propagate the infection up the virtual supply chain and impact their actual intended targets – that is, the larger companies who operate the games, including sponsors, suppliers, and broadcasters,” Vohlers said. “Overall, fears of telecom disruptions and ransomware attacks through the virtual supply chain are founded. The damage that could be caused by these risks has increased with the reliance of technology to broadcast the games versus having in-person spectators.”
According to Vohlers, regardless of size, a company is only as strong as its weakest link. And typically, that is its people.
“When you think of threats like ransomware, they are often initiated through phishing emails or by someone simply clicking on a link that shouldn’t have,” she said. “Now, more than ever, companies must invest in proper user training for their employees in addition to practicing strong cyber hygiene habits. It is essential to be hyper-vigilant during an event like this, as bad actors can easily make an email look like it is coming from a vendor, which is where the importance of training comes in.”
Event organizers and sponsors should always have a plan for backup services, preferably with redundancies. In case of an outage that impacts a broadcaster’s cameras, having backup cameras on standby could lessen the business disruption and have the broadcast back up and running quickly.
Aside from organizers and broadcasters of events, virtual spectators must also be mindful of cyber risks, Vohlers said. Cyber crime incidents have sharply increased during the pandemic, and criminals and fraudsters are lying in wait to snag both individuals and businesses.
“In a time when so many spectators are enjoying the events by tuning in online, there are bound to be websites that may look legitimate but are malicious,” Vohlers said. “There is often a lot of fraud tied to events of [the Winter Olympics’] scale, and phishing emails and malicious websites can be designed to look like they are a safe and trustworthy source for spectators. It is necessary for virtual spectators to understand that they are not immune to these threats just because they are not the big sponsors. Bad actors will play off your emotions and what they know you are interested in. They will learn about you to try and spread malware and gain access to your systems and data.”