The Importance of the Value Chain in a Digital World: A Review

In recent years, there has been significant growth in technological advancements that are transforming how businesses operate and how consumers interact with brands. For example, a major shift is reflected in changing buying habits, with more consumers turning to mobile devices (m-commerce) to make purchases or using virtual environments to try on items and explore brands before visiting physical stores. Augmented Reality (AR) and Extended Reality (XR) technologies are now enabling consumers to experience virtual try-ons, creating realistic spaces for product experimentation.

In 2023, sectors like gaming and entertainment were projected to see considerable growth, creating new opportunities for communities to engage with their favourite artists or personalities. For example, consumers could use QR codes to purchase exclusive items that later become collectible, opening up new avenues for brand engagement. Social media platforms are also playing a significant role in facilitating shopping experiences, with live-streaming content directly driving sales.

Some industries are embracing a ‘digitally first’ strategy, constantly exploring new ways to connect with customers through multiple online channels. With aspirations of expanding internationally, these industries are also leveraging Artificial Intelligence (AI) to enhance customer experiences through personalised, community-driven approaches. This shift is not just about customer experiences but extends to how companies use technology to interact with consumers and stay ahead of the curve.

 

Value Chain: Key Stages

  1. Sourcing and Planning
    Identify raw materials such as yarn spinning, weaving; and components including company location, local inventory, and investing in global suppliers. Digital elements refer to tracking performance overtime and responding to customer trends.

  2. Manufacturing and Production
    Data centres, physical locations for building, creating, and packaging products. Technology plays an important role at this stage, with machines and devices being connected to software, IT and Operational Technology (OT) environments.

  3. Logistics and Distribution
    Transport goods to physical stores vs selling items through e-commerce platforms. Retailers are using Artificial Intelligence (AI) to help avoid Inventory losses through managing stock levels.

  4. Omnichannel/Virtual Environments
    Client, customer, and brand engagement. Storytelling experiences through in-store and online opportunities, with immersion, virtual try-on, augmented reality, concept spaces and pop-ups driving sales. For example, the fashion value chain is heavily digitalised, making up between 30 – 40 percent of total sales. Digitalisation of the supply chain can help with the global apparel market, which is set to grow from USD$1.2 trillion in 2020 (GBP£950B) to USD$2.25 trillion (GBP£1.7B) by 2025, requiring more conscious efforts to reduce consumption through tracking inventory in supply chains helping fashion brands and retailers.

  5. Aftercare and Compliance
    Once a product reaches the consumer, companies must work to retain customer loyalty through personalised experiences. Compliance with regulations is also critical in reducing overproduction and ensuring sustainability goals are met. Tools like Product Lifecycle Management (PLM) are helping companies track and manage products from creation to disposal.

 

Vulnerabilities: Cybersecurity Threats in the Value Chain

Cybersecurity threats pose a significant risk to every stage of the value chain. Cybercriminals may target companies for financial gain, using techniques such as ransomware deployment, web skimming, or stealing customer data to fund future attacks. Competitors might also engage in industrial espionage, attempting to access valuable market insights, trends, and proprietary technologies.

 

Threats to Key Stages in the Value Chain

Cyber criminals may focus their attention on financial gain, motivated by stealing data from brands and customers to fund future campaigns and continue attack chain via ransomware deployment and extortion. This can include web skimming against popular software platforms to steal PII, injecting malicious code into checkout to extract data. Threat actors more focused on gaining competitive advantage within the industry will be motivated by understanding the shifting landscape in terms of technologies being used to automate processes, resulting in an increase of clients, revenue, and unique strategy.

In the IT sector, organised cybercrime groups remain a growing threat, targeting businesses through both digital and physical means. While cyber threats such as data breaches and ransomware attacks dominate, insider threats play a crucial role in facilitating unauthorised access to critical systems. These actors may leak proprietary software, customer databases, or intellectual property, which can be sold on the dark web or to competing firms. Economic pressures and social issues, including financial struggles and illicit activities, contribute to the increasing risk of data theft, fraud, and corporate espionage.

 

Sourcing and Planning - Information Theft :

Cybercriminals may target businesses to steal information related to trends, materials, and technologies through insider threats or cloud vulnerabilities. This data can be used to replicate designs or undercut the company’s competitive advantage. Threat actors at this stage could also try and access data stored within cloud environments through misconfiguration of tooling, or tamper with AI/ML systems through data poisoning, getting systems to reveal sensitive information to gain understanding of the company.

 

Manufacturing and Production - Physical Damage:

Manufacturing and production are prone to different types of cyber threats, such as machine software being exploited to takeover systems, access data and possibly deploy ransomware. Insiders can cause physical damage to property or steal valuable data and hand it over to competitors. At this stage, connected devices between IT/OT environments and facilities could be targeted through software vulnerabilities, working on old legacy systems that do not receive updates and patches by trusted security vendors, therefore prone to risks of being intercepted, possibly through ransomware. If we look at motivations, cyber criminals can be motivated by financial gain, and theft of sensitive information, carried out by exploiting vulnerabilities in legacy systems (SCADA, ICS, ERP, CRM) and completely disrupting operations. The machines and devices are all connected which allows employees to track progress, load shipping containers with the products, and then outbound logistics to get them into the next phase which is in the hands of the consumer at a retail commercial level. If this is stopped and manual processes are the only way to fulfil orders, the backlog against the supply chain, for suppliers, clients, and consumers depending on the data you hold at this point, customer purchasing history so their addresses, suppliers which could also be targeted for purchasing scams, through fake supplier invoices and purchasing scams.

Logistics and Distribution - Intercept Transportation:

Rouge employees stealing from the back of shipping lorries is an issue in retail and fashion. RFID tags can be used to monitor clothing and goods but can also be intercepted along the way through software. Suppliers targeted through business email compromise, (impersonation) to redirect inventory to an attacker-controlled environment. RFID tags help combat theft and fraud by encrypting data transmitted and stored. Authenticate processes of verifying the identity and validity of the tags preventing counterfeiting from entering inventory systems, using passwords, challenging response protocols and digital signatures or biometrics. Lock tags to protect, lock serial numbers or manufacturer information to make them read-only. However, threat actors can write information to a black tag or modify data in the tag writable basic tag to gain access and validate product authenticity.

Omnichannel/Virtual Environments - Point-of-Sale targeting:

E-commerce is often targeted by the magecart malware. Ransomware and DDoS can be used to stop websites from functioning through software vulnerabilities in third-party tools. Virtual environments are susceptible to ‘metaverse man-in-the-middle’ attacks by Insiders spying on conversations. Added risks associated with transactions stored on blockchain / NFT security including data privacy.

Virtual reality (VR) and augmented reality (AR) continue to advance and expect more immersive and interactive fashion experiences. This can include digital fitting rooms where you can try-on clothes, or AR filters where you can see how a garment looks on you in real life. Sustainable digital fashion could lead to a more sustainable industry, by creating digital samples instead of physical ones. Designers can reduce waste and lower environmental impacts. Digital clothing does not require physical resources to produce and could lead to reducing the fashion industry’s carbon footprint.

In the metaverse, ‘man-in-the-room’ cyber-attacks put users at risk and involve eavesdropping by insiders, leaking key information to competitors. Other risks include real-time social engineering, with users unknown to each other, acting anonymously when interacting, creating opportunities for manipulation. AI detection systems are being used in the metaverse to spot these signs, however not all occurrences are being captured, requiring further security. Data privacy concerns, with AI systems and the metaverse holding substantial sensitive personal information, also raise concerns.

Virtual policing and regulations are not present. Interpol ‘digital twin’ for law enforcement – The Mayor's office in South Korea, plans to police in Singapore through the largest digital twin company VIZZIO. The platform will also offer immersive training activities for various policing work, including forensic investigations, travel document verification and passenger screening, and will let their trainees try their hand at a virtual border checkpoint.

There are growing concerns with intellectual property (IP), as many brands want to understand who has ownership of data, and how it is being used in virtual environments. Currently, there is no ownership inside web3 and little governance, with future initiatives alluding to blockchain for tracking garment lifecycle, geotagging for identifying IP location, in return for discounts offered by brands through loyalty of customers sharing their data, and tokenisation of assets through multi-brand-user acquisition.

Security researchers are equally concerned about the rise of third-party software providers offering tools such as AI, but lacking policies surrounding who has access to the organisations data /and whether this leaves room for exploitation. The decentralised nature of web3 increases risks of exposing sensitive information. At the same time, this makes navigating the cyber security threat landscape in web3 particularly challenging. Risks involving the metaverse and AI include paying for services such as voice and facial features cloning for identity theft, hijacking of video recordings using avatars, or buying access on dark web forums. Geotagging involves physical locations meeting virtual assets, with it already being used to attach geographic coordinates to NFT’s within the art community images and websites. Cyber incidents reported already show hackers have been able to get inside NFT accounts and transfer funds to own environments as part of money laundering operations, while geotagging could potentially expose information about a person, making it easier for cyber criminals to gather data and use it in future campaigns.

Aftercare and Compliance - Keeping the Door Open:

Building trust and reputation as a brand is effective but may incur costs for customers and clients if breached. Long standing brands, start-ups and customers need to equally remain cautious of information publicly shared on social media, because you never know who is watching...

Final Thoughts and Recommendations for Consumers and Brands

Streamline cybersecurity best practices by using this value chain to understand your weak spots within the industry. Trust, open communication, and transparency are key for IT organisations, identifying local and global suppliers, and putting measures in place to protect the supply chain.

Increase efficiency and IT infrastructure operations throughout the production lifecycle. In the case of ransomware, there is more urgency at this stage of the value chain to protect assets and data. The interconnected systems, cloud environments, and networked devices that allow employees to track workflows, manage deployments, and secure data must be protected. If a cyberattack halts operations, manual processes may be the only way to restore services, creating backlogs that impact suppliers, clients, and customers. The data held at this point—such as customer records, purchase histories, and supplier contracts—can be targeted for fraud, fake vendor invoices, and purchasing scams, leading to major security risks.

IT supply chains span the globe, from hardware manufacturers in Asia to data centers and service providers in North America and Europe. Digital infrastructure relies on multiple vendors, cloud providers, and logistics partners, requiring seamless coordination and cybersecurity protections at every stage to prevent breaches.

The EU AI Act is requesting Bing, Facebook, Google Search, Instagram, Snapchat, TikTok, YouTube, and X under separate legislation to detail how they are curbing the risks of generative AI. While the Act imposes additional constraints and rules on developers of high-risk AI systems and foundation models, deemed as ‘systemic risks,’ mitigating the illegal use of copyright-protected works remains a concern, with an absence of transparency over how writers’ work is being used to train AI.

Consumers secure accounts through MFA, biometrics, strong passwords, cyber training awareness, and industry knowledge. Brand reputation management is crucial—protecting social media accounts from hacking and unauthorised activity through visibility and automated monitoring tools.

 
Alexandra acts as an advisor for organisations and businesses looking to enhance their overall understanding of threat intelligence and cyber security best practices; positioning herself as the go-to authority figure. Please feel free to get in touch to discuss tailored industry reporting and public speaking engagements with Alexandra.

 

If you would like to discuss any of these topics in more detail, please feel free to get in touch

 

About Mesoform

For more than two decades we have been implementing solutions to wasteful processes and inefficient systems in large organisations like TiscaliHSBC and HMRC, and impressing our cloud based IT Operations on well known brands, such as RIMSonySamsung and SiriusXM... Read more

Mesoform is proud to be a