Cybercrime – A growing threat to the supply chain

The US retailer Target is facing tough times after a slow start in embracing e-commerce, its costly expansion into Canada and the much publicized security breach of customer data. Combined these issues resulted in the CEO in stepping down from his position.

While issues surrounding e-commerce and the Canadian expansion have indeed taken a toll on the company it is the security breach that proved the final straw. In December 2013, Target disclosed a breach of 40m credit and debit card accounts over a nearly three-week period before Christmas. Then in January, the company said hackers also stole personal information — including names, phone numbers, and email and mailing addresses — from as many as 70m customers.

Not surprising, the theft badly damaged the retailer’s reputation and profits. In fact, its fourth quarter revenue declined 5.3% and its profit fell 46%.

To improve security, Target’s new CIO announced plans to implement store credit and debit cards with chip-and-PIN security technology, becoming the first major US retailer to do so.

Cards with chip-and-pin technology are considered more secure than magnetic stripe cards because they are embedded with a microchip that generates a different, single-use code to process every transaction that is made. That means the card data is practically impossible to counterfeit, because even if the data is hacked, it can’t be used again.

Cybercrime such as what occurred at Target is on the rise. According to a study by the Center for Strategic Studies and security software maker McAfee, cybercrime costs the United States economy about $100bn each year.

And don’t think it only occurs in the retail industry. Intellectual property is among the primary targets for such security breaches – particularly for those industries in which competition is fierce for that next new product. An example of this allegedly involved three of the largest medical device companies – Medtronic, Boston Scientific and St. Jude Medical. Very disturbing was the fact that these companies were not even aware of the intrusions until federal authorities contacted them.

Supply chains have become global and involve visibility and collaboration among partners but this can result in risks such as cybercrime becoming greater threats. Investments to combat this rising risk are growing and according to Allied Business Intelligence, global cybersecurity spending by critical infrastructure industries was expected to hit $46bn in 2013, up 10% from a year earlier. Expect this amount to grow even quicker in 2014.