Supply Chain

Without doubt the largest task we have as a global business community is Nextifying our Supply Chains.

Nextifying Supply Chains

In our fast-moving globalised world every organisation, whether for-profit or non-profit, has to compete for market space. Often the only way to stay ahead is to implement new technology to improve service and efficiency.

In our race to get ahead in “Information technology” we’ve compromised “information” for the sake of technology.  We’ve put more data in the cloud, acquired faster fiber to access it, and used more and more applications to create and share it without considering who has access to it.

Daily we hear stories of GDPR breaches (In a Nextified world that stands for Give Data Proper Respect 😊) where high-profile companies are increasingly being devastated by cyber-attacks that cause financial losses and that damage their brand reputation.

“We cannot continue to hyper-speed technology and communications without mitigating the cybersecurity risks”

– Phylip Morgan, Cynext.

From Financial Services, Airlines, Retail, Legal, Accounting, Healthcare, the list is endless – organisations are struggling to protect the confidentiality, availability and integrity of data. Information security has become more complex due to innovations involving big data storage, predictive analytics, and the use of cloud-based solutions.

E-services and tools such as e-sourcing and automated procure-to-pay systems complicate matters further. Over and above all of this, there is the people problem. There are many weak links in the supply chain including importers, foreign manufacturers, agents, transport companies, and third-party logistics service providers. Hackers, whose main objective seems to be to hold organisations to ransom, can infiltrate any of these layers.

Key Risks
Cyber-attacks do not always come through the front door. Businesses depend on trusted relationships with their third-party suppliers and service providers. Many of these are vital suppliers of components and maintenance; others are providers of professional services such as marketing, accounting, and I.T. Many cyber-attacks come through these backdoors.
Lack of Awareness Among Employees
Education and training are recommended for both your own employees and those of key suppliers. Bring your own device (BYOD) facilities in the supply chain can cause major security issues, especially with mobile devices. The level of malware protection and detection performed on these devices is usually inadequate. Job roles are opening up in cybersecurity, but there are not enough trained people available yet. “Phishing” has become commonplace; this includes attempts to acquire usernames, passwords and credit card details via email for fraudulent purposes. “Cybersecurity is never just a technology problem, it’s a people, processes and knowledge problem.” National Institute of Standards and Technology (NIST).

 

Third Party Suppliers

Your company may have a cyber-security risk strategy but what about your key suppliers that can access your systems? Smaller companies contracted to larger companies are often targeted because they are more vulnerable. A niche company supplying vital goods or services may have access to important information and only have a very immature approach to data security.

The next problem is your suppliers’ suppliers, also called tier 2 suppliers. You may have addressed security weaknesses in your own proprietary software but the problem may lie with your solutions providers. Poor information security practices by lower-tier suppliers can sink companies. It is estimated that over a third of corporate IT breaches are via third-party suppliers.

Cyber-attacks can lead to intellectual property breaches, sub-standard or interrupted operations, sensitive data custody breaches, and decreases in service level to final customers.

Software Solutions Providers
Cyber attacks can be delivered through counterfeit hardware or software that is embedded with malware. Supply chain functions are often outsourced in an attempt to reduce infrastructure costs – these are the ones that require extra diligence. Website builders and data aggregators are a risk as well as “watering holes”, where the attacker guesses or observes which websites are vulnerable and infects one or more of them with malware.

Mitigating the risks

As well as financial losses and brand damage, cyber-attacks can lead to intellectual property breaches, sensitive data custody breaches, and decreases in service level to final customers. Improving the quality of the relationships amongst all members of the supply chain is important for improving cybersecurity. Here are a few ways to stay safe:
  • Create a cyber-crisis team to be first responders. Re-arrange resources and develop contingency plans thereafter
  • Train people to follow security procedures and educate them about the risks
  • Improve processes e.g. due diligence for new suppliers must assess cyber risk
  • Upgrade internal technology. Tight guidelines for supplier access are a strong defense

Cynext Supply Chain Initiative

Working in the key industry sectors that are currently (Jan 2020) the biggest targets for Cyber Security attacks.

Financial Services

Healthcare

Legal

Construction

Education