Cyber breaches, not coal in their stockings, are what businesses are worried about this holiday season.
With the news Monday (Nov. 25) that supply chain management software provider Blue Yonder was reportedly hit by a ransomware attack whose downstream impact affected large enterprise customers like Starbucks and the U.K. grocery chain Morrisons, it’s clear that a single weak link in a logistics provider chain can cascade into further, unintended disruptions.
The Blue Yonder news was no isolated incident. It comes barely two weeks after grocery giant Ahold Delhaize said a number of its pharmacies and eCommerce operations were affected by a cybersecurity issue within its U.S. network.
The attack surface for cybercriminals expands dramatically with every new digital touchpoint. Hackers exploit vulnerabilities in IoT sensors, third-party vendors and software integrations to infiltrate networks, as evidenced by recent ransomware attacks that have paralyzed global operations of critical sectors.
Particularly as digital platforms continue to streamline and transform traditional supply chain operations, cybersecurity around the supply chain is becoming a critical consideration for firms looking to keep their operations running like clockwork.
2024 was the year of the cyberattack, but 2025 doesn’t have to be.
From procurement to delivery, digital platforms have revolutionized how goods and services move from point A to point B — even across traditionally manual sectors.
“The metals space is not the first thing to be thought of when digital is being discussed, and the first thing I like to do is challenge that thinking,” Shep Hickey, CEO at metal digital marketplace Bryzos, told PYMNTS. “Because if you go out in any fabrication warehouse or fulfillment center, there’s technology all over the place. Digital clearly represents value to these businesses.”
But these advancements come with risks. Cybercriminals increasingly view supply chains as lucrative targets, exploiting their interconnected nature to launch ransomware attacks, steal sensitive data or disrupt operations. A single weak link — be it a poorly secured vendor or an outdated system — can expose an entire network to vulnerabilities, and attacks often exploit third-party vendors who may lack robust security protocols.
Citing the recent CrowdStrike cyber incident as an example, Regina Lewie, senior vice president and chief risk officer at Corporate One Federal Credit Union, told PYMNTS that the new threat landscape can be full of surprises for unprepared businesses. “Even without direct involvement, we had to react quickly to protect our members and maintain trust,” she said, noting that third-party risk management is a growing focus.
“These programs are so intertwined now. You can’t talk about risk management without addressing third-party risk and business resiliency. It’s no longer a ‘check-the-box’ exercise,” Lewie said. “Your vendors’ programs must meet or exceed your risk requirements — you don’t lower your standards to theirs.”
That holds especially true when the vendor is responsible for something as critical as supply chain management and logistics.
Even the federal government is taking note. A bipartisan bill has been introduced in the Senate that calls for the Department of Health and Human Services to update the HIPAA regulations to strengthen cybersecurity for American hospitals and healthcare organizations. The legislation could require businesses in the healthcare sector to adopt multi-factor authentication and other minimum cybersecurity standards.
“The barrier for entry has never been lower for threat actors,” Discover® Global Network Chief Information Security Officer Sunil Mallik told PYMNTS in July.
And while regulations can help provide a baseline, proactive companies are going beyond that to build resilience into their systems.
“We’ve needed to rethink, from the ground up, how we architect security,” Mastercard Chief Product Officer Jorn Lambert told PYMNTS in October.
Firms embracing digital supply chains must now grapple with how to protect their operations without stifling innovation.
Alicja Cade, director in the Office of the CISO at Google Cloud, told PYMNTS that cybersecurity must be “baked into the DNA” of a business. It cannot be siloed within the IT department but must be integrated into every part of the organization, from business processes to leadership decision-making.
As supply chains become more digital and interconnected, the stakes will only grow higher. Companies must strike a delicate balance: leveraging technology to drive efficiency while fortifying their networks against ongoing cyber threats.