Fashion Supply Chain
ANALYSING THE FASHION CHAIN
In the last years, the fashion industry has undergone tremendous growth in terms of technology. For example, a shift in buying habits is reflected in consumers opting to use mobile devices (a.k.a. Mcommerce) to purchase products, or virtual environments to try-on items and get a feel for brands before going into stores and purchasing physical products. Virtual try-on capabilities are powered by augmented reality, and extended reality to produce realistic spaces for experimentation.
In 2023, fashion and sports were projected as two of the biggest industries for supporting growth in gaming and entertainment, creating fun and exciting opportunities for new communities to connect through their favourite artist or sports personality, whether that be by a QR code scan that transports users to a website to purchase one-time pieces that become future collectable items, this is a new avenue being explored. Social media is also being boosted for interacting with audiences, enabling consumers to shop on popular platforms straight from watching live streaming content of their favourite media moguls through TikTok Shop, Instagram, and Facebook Marketplace.
Luxury fashion places itself as ‘digitally first’, always on the lookout for ways to connect with customers through multiple channels online, with brands hoping to expand operations into international markets in the future. Artificial Intelligence (AI) as shown in the presentation-style value chain is present along the way, enabling co-creation of creators to leverage three key areas in luxury, ‘cohort, community, and individuals.
KEY STAGES
Sourcing and Planning - Identify raw materials such as yarn spinning, weaving; and components including company location, local inventory, and investing in global suppliers. Digital elements refer to tracking performance overtime and responding to customer trends.
Manufacturing and Production – Data centres, physical locations for building, creating, and packaging products. Technology plays an important role at this stage, with machines and devices being connected to software, IT and Operational Technology (OT) environments.
Logistics and Distribution - Transport goods to physical stores vs selling items through ecommerce platforms. Retailers are using Artificial Intelligence (AI) to help with avoiding Inventory losses through managing stock levels.
Omnichannel / Virtual Environments - Client, customer, and brand engagement. Storytelling experiences through in-store and online opportunities, with immersion, virtual try-on, augmented reality, concept spaces and pop-ups driving sales. The fashion value chain is heavily digitalised, making up between 30 – 40 percent of total sales. Digitalisation of the supply chain can help with the global apparel market, which is set to grow from USD$1.2 trillion in 2020 (GBP£950B) to USD$2.25 trillion (GBP£1.7B) by 2025, requiring more conscious efforts to reduce consumption through tracking inventory in supply chains helping fashion brands and retailers.
Aftercare and Compliance - Brands close the deal with their customer/client and retain loyalty through personalisation. Reduce overconsumption and overproduction through compliance and adhering to the latest regulations and standards. For example, adapting to the future of retail and fashion has been unveiled through Product Lifecycle Management (PLM) tools which are tailored for fashion and effectively integrate within connected solutions to manage overhead.
Retailers and fashion brands will be considering their 2025 sustainability goals, net zero targets and increasing compliance of requirements, with smaller brand manufacturers becoming less competitive. It will be up to large transactional manufacturing organisations to dominate the smaller ones, unless brands can withstand competition. Compliance can also refer to working capital and investing in your staff / team through platforms such as Ulula and ContingentAI to increase visibility of risks like wage theft and gender-based violence through technology.
VULNERABILITIES: CYBER SECURITY
Cyber criminals may focus their attention on financial gain, motivated by stealing data from brands and customers to fund future campaigns and continue attack chain via ransomware deployment and extortion. This can include web skimming against popular software platforms to steal PII, injecting malicious code into checkout to extract data. Threat actors more focused on gaining competitive advantage within the industry will be motivated by understanding the shifting landscape in terms of technologies being used to automate processes, resulting in an increase of clients, revenue, and unique strategy.
Employees, contractors, and suppliers can align with cyber crime through going ‘rouge’ and using position within the company to steal data and pass onto competitors as part of a criminal network for financial gain, underpinned by low wages, economic instability, and uncertain society. An increase in organised crime groups targeting retail and fashion in 2023, set to remain a threat in 2025, does not tie to cyber threats however aligns between physical and digital harm for retailers and fashion brands through stealing high-priced items and reselling them as part of illicit trade on the dark web or third-party marketplaces, motivated by economic pressures, social issues such as substance misuse and financial worries mounting instability in society.
Sourcing and Planning - Information Theft - Threat actors if wanting to move up the value chain, and compete within domestic markets, will try and steal information from retail and fashion brands, using insiders (employees, contractors, suppliers) to understand the latest trends and technologies being used.
Threat actors at this stage could also try and access data stored within cloud environments through misconfiguration of tooling, or tamper with AI/ML systems through data poisoning, getting systems to reveal sensitive information to gain understanding of the company.
Manufacturing and Production - Physical Damage - Manufacturing and production are prone to different types of cyber threats, such as machine software being exploited to takeover systems, access data and possibly deploy ransomware. Insiders can cause physical damage of property or steal valuable data and handing it over to competitors. At this stage, connected devices between IT/OT environments and facilities could be targeted through software vulnerabilities, working on old legacy systems that do not receive updates and patches by trusted security vendors, therefore prone to risks of being intercepted, possibly through ransomware.
If we look at motivations, cyber criminals can be motivated for financial gain, and theft of sensitive information, carried out by exploiting vulnerabilities in legacy systems (SCADA, ICS, ERP, CRM) and completely disrupting operations. The machines and devices all connected that allow employees to track progress, load shipping containers with the products, and then outbound logistics to get them into the next phase which is in the hands of the consumer at a retail commercial level. If this is stopped and manual processes are the only way to fulfil orders, the backlog of that against the supply chain, for suppliers, clients, and consumers depending on the data you hold at this point, customer purchasing history so their addresses, suppliers which could also be targeted for purchasing scams, through fake supplier invoices and purchasing scams.
Logistics and Distribution - Intercept Transportation - Rouge employees stealing from the back of shipping lorries is an issue in retail and fashion. RFID tags can be used to monitor clothing, goods but can also be intercepted along the way through software. Suppliers targeted through business email compromise, (impersonation) to redirect inventory to an attacker-controlled environment.
RFID tags help combat theft and fraud by encrypting data transmitted and stored. Authenticate processes of verifying the identity and validity of the tags preventing counterfeiting from entering inventory systems, using passwords, challenging response protocols and digital signatures or biometrics. Lock tags to protect, lock serial number or manufacturer information to make them read-only. However, threat actors can write information to a black tag or modify data in the tag writable basic tag to gain access and validate product authenticity.
Omnichannel / Virtual Environments - Point-of-Sale targeting - Ecommerce is often targeted by the magecart malware. Ransomware and DDoS can be used to stop websites from functioning through software vulnerabilities in third-party tools. Virtual environments susceptible to ‘metaverse man-in-the-middle’ attacks by Insiders spying on conversations. Added risks associated with transactions stored on blockchain / NFT security including data privacy.
Virtual reality (VR) and augmented reality (AR) continue to advance and expect more immersive and interactive fashion experiences. This can include digital fitting rooms where you can try-on clothes, or AR filters where you can see how a garment looks on you in real life. Sustainable digital fashion could lead to a more sustainable industry, by creating digital samples instead of physical ones. Designers can reduce waste and lower environmental impacts. Digital clothing does not require physical resources to produce and could lead to reducing the fashion industry’s carbon footprint.
In the metaverse, ‘man-in-the-room’ cyber-attacks put users at risk and involves eavesdropping by insiders, leaking key information to competitors. Other risks include real-time social engineering, with users unknown to each other, acting anonymously when interacting, creating opportunities for manipulation. AI detection systems are being used in the metaverse to spot these signs, however not all occurrences are being captured, requiring further security. Data privacy concerns, with AI systems and the metaverse holding substantial sensitive personal information also raises concerns.
Virtual policing and regulations are not present. Interpol ‘digital twin’ for law enforcement – Mayor office in South Korea, plans to police in Singapore through largest digital twin company VIZZIO. The platform will also offer immersive training activities for various policing work, including forensic investigations, travel document verification and passenger screening, and will let their trainees try their hand at a virtual border checkpoint.
There are growing concerns with intellectual property (IP), as many brands want to understand who has ownership of data, and how it is being used in virtual environments. Currently, there is no ownership inside web3 and little governance, with future initiatives alluding to blockchain for tracking garment lifecycle, geotagging for identifying IP location, in return for discounts offered by brands through loyalty of customers sharing their data, and tokenisation of assets through multi-brand-user acquisition.
Security researchers are equally concerned about the rise of third-party software providers offering tools such as AI, but lacking policies surrounding who has access to the organisations data /and whether this leaves room for exploitation. The decentralised nature of web3 increases risks of exposing sensitive information. At the same time, this makes navigating the cyber security threat landscape in web3 particularly challenging.
Risks involving the metaverse and AI include paying for services such as voice and facial features cloning for identity theft, hijacking of video recordings using avatars, or buying access on dark web forums. Geotagging involves physical locations meeting virtual assets, with it already being used to attach geographic coordinates to NFT’s within the art community – images and websites. Cyber incidents reported already show hackers have been able to get inside NFT accounts and transfer funds to own environments as part of money laundering operations, while geotagging could potentially expose information about a person, making it easier for cyber criminals to gather data and use in future campaigns.
Aftercare and Compliance - Keeping the Door Open - Building trust and reputation as a brand is effective but may incurs costs for customers and clients if breached. Long standing brands, start-ups and customers need to equally remain cautious of information publicly shared on social media, because you never know who is watching.
FINAL THOUGHTS AND RECOMMENDATIONS FOR CONSUMERS AND BRANDS
Streamline cyber security best practices by using this value chain to understand your weak spots within the industry.
Trust, open communication, and transparency are key for retail and fashion brands, identifying local and global suppliers, putting measures in place to protect supply chain.
Increase efficiency and warehouse operations throughout manufacturing and production lifecycle. In the case of ransomware, for businesses there is more of an urgency at this stage of the value chain to protect assets and data. The machines and devices all connected that allow employees to track progress, load shipping containers with the products, and then outbound logistics to get them into the next phase which is in the hands of the consumer at a retail commercial level. If this is stopped and manual processes are the only way to fulfil orders, the backlog of that against the supply chain, for suppliers, clients, and consumers depending on the data you hold at this point, customer purchasing history so their addresses, suppliers which could also be targeted for purchasing scams, through fake supplier invoices and purchasing scams, it is a big problem.
Logistics for fashion supply chains can span the globe, from clothing manufacturers in Asia to retail outlets in the US heartland. Goods are transported across multiple borders by multiple carriers, via ship, air, rail, truck, and so forth. Supply chain managers must coordinate handoffs between carriers and track their shipments every step of the way.
AI ACT EU is requesting Bing, Facebook, Google Search, Instagram, Snapchat, TikTok, YouTube, and X under separate legislation to detail how they are curbing the risks of generative AI. While the Act imposes additional constraints and rules on developers of high-risk AI systems and foundation models, deemed as ‘systemic risks,’ mitigate "illegal use of copyright-protected works, an absence of transparency is present for writers' work being used to train AI.
Consumers secure accounts through MFA, biometrics, strong passwords, cyber training awareness, and industry knowledge.
Brand reputation management – protect social media accounts from hacking and unauthorised activity through visibility and automated monitoring tools.
