Cybersecurity in the digital supply chain: A war without borders

As the world becomes more interconnected, the supply chain; the once purely logistical arm of business, has become a complex, digital organism. And like every digital organism, it is now deeply exposed to cyber threats. The digitalization of manufacturing, transportation, and distribution has unlocked extraordinary speed and efficiency, but it has also created cracks—cracks that cybercriminals are eager to exploit.

In a conversation rich with real-world relevance, Kushika Sharma, Assistant Professor at UPES Online, delves into how modern supply chains are vulnerable, why attacks are rising, and how industry needs to respond, not just with tools, but with awareness, partnerships, and people.

The fragile thread of interconnectivity

“Let’s begin by understanding why there is a need for cybersecurity first,” Sharma says. That need becomes clear as soon as you consider how digital the modern supply chain has become. Logistics today is not simply about moving goods. It is about integrating warehouse sensors, ERP systems, supplier portals, third-party vendors, and control centers—all in one connected ecosystem.

Every connection is a potential entry point.

Sharma points to the expanding attack surface: “As supply chains become increasingly digitalized, they are connecting manufacturers, suppliers, logistics providers, and retailers.” As the surface area grows, the chances of infiltration multiply. “Traditional security tools struggle to keep pace with the evolving threats,” she explains.

She recalls specific, real-life disruptions—the NotPetya attack, which brought operations of the world’s largest shipping company to a standstill across 80 ports, causing a $130 million loss; the SolarWinds hack, which exposed the systemic vulnerabilities of vendor software; and the 2013 Target breach, where third-party access compromised over 40 million credit card records.

The numbers speak volumes. “60% of cybercrimes happen via third-party vendors and not through their own sites,” Sharma notes, driving home the need for a much broader cybersecurity lens.

Fusion over tradition: The new defense formula

When it comes to defense, Sharma sees no single silver bullet. Instead, she emphasizes what she calls an “era of fusion.” Cybersecurity in the supply chain now involves a convergence of AI, machine learning, data science, and predictive analytics.

AI’s strength lies in processing vast datasets, identifying risks, optimizing supply routes, and flagging suspicious activities. Data science brings behavioral analytics into play—spotting anomalies like unauthorized access or route diversions in real time. “Machine learning and AI-driven intrusion detection systems are becoming very essential tools,” Sharma asserts.

This fusion isn’t just about automation. It’s about vigilance at scale. And it reflects the transformation of supply chain security from reactive protection to proactive defense.

The hurdles: Why are attacks still happening?

Despite advancements in tools, attacks continue to plague systems worldwide. Why? There are several organizational and systemic obstacles:

• Lack of real-time visibility
• Shortage of skilled cybersecurity professionals
• Vendor resistance to security upgrades
• Reliance on outdated traditional methods
• Fragmentation in how the supply chain operates across industries

These challenges are especially prevalent in logistics-heavy sectors like defense, retail, cosmetics, and pharmaceuticals; each with unique needs but little alignment on security protocols.

One core issue is the lack of standardization. Supply chain management is not a centralized industry, and many vendors operate without unified cybersecurity policies. But Sharma is optimistic: “Adaptation of cloud-based integrated platforms and training cross-functional teams in data and security can really make a lot of difference.”

SLAs: The missing shield

A major vulnerability Sharma highlights is the absence of security-focused Service Level Agreements (SLAs) between companies and their vendors.

Only major enterprises typically enforce SLAs that require partners to implement security standards such as data encryption or breach notification timelines. Smaller players, particularly SMBs, often have no such protocols in place.

This lack of enforcement leaves gaping holes. “If they are trained, they will report any security breach within 24 hours of detection—if it's done on an aggressive basis,” Sharma says. She underlines the importance of turning these best practices into norms rather than exceptions.

Digital war: The new frontline

The urgency of securing the supply chain becomes even more apparent in the current geopolitical landscape. Sharma draws attention to how cyber attacks are becoming the new weapons in digital conflict.

Referring to hostile cyber activities, particularly in the context of the India–Pakistan situation, she observes: “It’s a digital war… The way we are handling it, although the media has encrypted it somewhere or not, I would not like to comment on that. But I think we’re doing a decent job.”

This isn’t metaphorical. With control centers replacing boots on the ground, and missiles launched through algorithms rather than armies, Sharma paints a picture of a modern battlefield governed by data and firewalls.

Case in point: Pfizer’s data-driven vaccine supply chain

The stakes become even clearer in Sharma’s recounting of Pfizer’s cold chain logistics during the COVID-19 pandemic—a moment where cybersecurity, IoT, and data analytics came together to safeguard lives.

Pfizer, needing to maintain a strict -70°C temperature for its vaccines, deployed IoT-enabled thermal sensors and GPS trackers inside containers. Real-time analytics were used to detect temperature anomalies, delayed shipments, or potential tampering, triggering reroutes or replacements before spoilage could occur.

This wasn’t just operational efficiency. It was cybersecurity in action, ensuring integrity, transparency, and accountability in one of the most critical supply chain missions in history.

Resilience is the new efficiency

Cybersecurity in the supply chain is no longer optional. It is the backbone of operational continuity, reputation management, and even national safety. Whether it’s using AI to scan for threats or establishing SLAs to hold vendors accountable, the path forward is clear.

In Sharma’s words: “We are aspiring to do things that are 10 or 15 years ahead of their time. But we must start now.”

The future may be digital, but winning in that future will require human strategy, shared responsibility, and relentless vigilance.