Understanding Supply Chain Management
They say you’re only as strong as your weakest link. In security terms, this means that even if you think you are secure, attackers can still get to you through the people you have a business relationship with. That gave birth to the system called Supply Chain Management, which takes care of those relationships.
No business on earth today operates as an island; they all depend on each other to achieve one or two business objectives. By its very nature, a supply chain requires a collaborative partnership between people and organizations. While this can help to achieve a common objective and foster growth, it might also pose a host of problems.
First, we need to understand that the supply chain used to be dominated by the movement of products, finance and information, as described by Peck. The information era has introduced complexities of its own in the form of the cyber supply chain, which involves a network of IT infrastructure and technologies that are used to connect, build and share data among businesses in virtual networks (cyberspace), giving birth to new forms of risk unconnected to physical products or a distinct location.
In the course of enjoying the benefits that come with this relationship, businesses have unknowingly exposed sensitive aspects of their data (financial and legal documents, employee and customer data, and critical business secrets). This overlooked weakness has opened up opportunities for cybercriminals to gain a grip on targeted organizations.
Risk in Supply Chain
Supply chains face an extensive range of threats, from physical threats to cybersecurity threats. Looking back at the traditional supply chain, the physical threats are perhaps the more obvious ones, and they can occur at various points along the supply chain: think of militants and enemies disrupting the supply chain of crude oil by attacking pipelines. Other physical threats include theft, which can be an external or internal operation, and piracy in the film and music industry.
Apart from these physical threats that could disrupt the supply chain, modern supply chains face a growing number of threats due to their overwhelming dependence on Information Technology. Technology and the Internet have become a point of leverage for every well-functioning and effective supply chain system. Efficient supply chains depend on a range of software and hardware working together, collating and transmitting vital data about shipments, inventory, and even the condition of equipment used to manufacture the parts to be supplied.
Some of the risks in the supply chain include:
- Vulnerabilities (weaknesses and errors) in software applications and networks within the supply chain that are discovered by malicious hackers.
- Malware that is inserted into software or hardware (much IT and network equipment has been backdoored before it gets to its country of use).
- Inability to properly manage cloud access, which can lead to serious IT risks, including providing users with excess privileges or, worse still, leaving cloud storage repositories open and accessible to anyone.
- Trusting data to a third-party vendor.
- Internet of Things (IoT) sensor compromise.
Impact of Attacks on Supply Chain
In the last five years, we have seen major breaches that could be linked back to attackers exploiting opportunities (vulnerabilities) in supply chains. Equifax blamed its 2018 breach on a malicious download link on its site which came from another vendor. This exposed the flaw in the software running their online databases and handed the cybercriminals behind the attack the personal data of at least 143 million people.
In 2017, cybercriminals got hold of 13 million files of third-party clients belonging to a law firm in Panama. The hack, popularly named “Panama Papers”, sparked financial and reputational damage by highlighting information about high-profile entities such as corporations, politicians and celebrities.
Also, in 2014, credentials stolen from a Heating, Ventilation and Air Conditioning (HVAC) supplier were used to infiltrate the Target Corporation. The attackers stole information relating to the names, physical addresses, phone numbers and email addresses of an estimated 70 million individuals.
The impact of these attacks on the organizations mentioned above is twofold: first, the killing of their businesses, and second, liability to pay fines (which run into millions of dollars) for the millions of records stolen by attackers, as enforced by the various regulations in the regions where the compromised organizations operate.
Protecting the Integrity of your Supply Chain
Understanding the risks in supply chains, be they physical or cybersecurity threats, will help businesses and organizations put in place mechanisms and controls that validate the integrity of their supply chain. What can you do to keep the integrity of your supply chain?
The National Cyber Security Centre has stated some ways in which organizations can manage and improve their handling of supply chain risks. These include:
- Institutionalize a multi-stakeholder supply chain risk assessment process that engages as many members of the supply chain as possible – The weakest link in your supply chain will not only expose itself and your organization to attackers but potentially expose every other member of that chain.
- Encourage organizations in your supply chain to meet security benchmarks and compliance requirements – Undertaking a security assessment, such as NDPR, PCI DSS, ISO 27001 or Cyber Essentials Plus, can be valuable in keeping the integrity of the supply chain. Setting a benchmark and making it a requirement for new and existing vendors gives you peace of mind that they have been third-party verified.
- Improving relationships amongst members of the supply chain is also very important for improving cybersecurity within it – With an improved relationship, you can ensure that all vendors and organizations in your supply chain share your mindset to protect both your organization and the customers you both share.
Now that we know how important it is to keep our supply chain integrity intact, it is not too late to review our collaborative business partnerships between people and organizations and ensure that the necessary controls are put in place to protect the SUPPLY CHAIN as a whole.