Published in partnership with SCCG
Insight: Cyber security in the supply chain
An endlessly growing network, the internet offers individuals easy ways to access the data that interests them, from any electronic device that can connect to it. Part of living in the ‘Internet Era’ is understanding and accepting that accessibility of information is convenient, but that the safety of information is almost compromised for the sake of that convenience, leaving companies and data vulnerable to digital disruption. The Supply Chain Consulting Group explores how to address cybersecurity, supply chain management and enterprise risk management.
As technology develops, individuals, businesses and government organisations use the internet for different purposes and put their trust in it to secure confidential or personal information, including names, phone numbers and banking details.
Key supply chain risk management issues include supply chain business ethics, counterfeit parts, cyber risks, and risks associated with a global supply chain. A problem in any one of these could jeopardise the award of future contracts, as there is a potentially high chance of creating a negative past-performance record and damaging the brand image.
Cyber risks and cybersecurity, however, are a top government concern. Because government-related information is involved, many suppliers are being subjected to an increasing range of rules and restrictions.
Therefore, companies must identify and manage the risk in their supply chains to protect not only their own interests, but also the interests of their clients and end-users. One way to ensure that a company remains protected is to use a fully tailored Cyber Supply Chain Risk Management (C-SCRM) system.
C-SCRM should be implemented as part of overall enterprise risk management activities. Activities should involve identifying and assessing applicable risks, determining appropriate mitigating actions, developing a C-SCRM Plan to document selected policies and mitigating actions, and monitoring performance against that Plan. Because cyber supply chains differ across and within organizations, the C-SCRM Plan should be tailored to individual organizational contexts; otherwise the system will be easily compromised.
Thanks to growth in the open source economy, companies no longer have to build their technology from scratch, as they can now use outside software and hardware. However, every application, download and purchased device must be monitored for potential security risks.
Mistakes within the organisation’s cybersecurity could allow complete system compromise, exposing databases that contain confidential information about the company and customers.
Supply chains may be getting tech-savvy; however, statistics show that cybersecurity is not keeping pace. Due to the lack of cybersecurity understanding among the population, hacking attempts are happening more often every year.
Cyber hacks have varied purposes. For instance, in 2018 the NHS suffered the ‘WannaCry Hack’ attack. This shut down thousands of computers and cancelled almost 20,000 patients’ appointments. Due to this attack, the NHS suffered a loss of £92m, including computer clean-up, upgrades to the IT systems and cyber security. The NHS was severely criticised for using old-fashioned IT systems, including Windows XP, which is one of the most vulnerable to cyber-attacks.
The internet and technology help to connect everything within supply chains; therefore, losing important data that includes core information about parts of manufacturing or logistics can cause trouble for the entire supply chain.
If this data leaks outside the organisation, it can be harmful for the entire supply chain; consequently, all departments should be involved in ensuring that cyber security protects the supply chain.
If a supplier can’t meet a company’s basic security requirements, this can lead to massive disruption and business loss, as happened to Target. The hackers’ starting point for the cyber-attack was an HVAC company that Target uses as a supplier to numerous store locations. From that point, they stole credentials and accessed Target’s system.
The retailer lost £127m, and over 100 million customers were affected, as the hackers gained access to the data of more than 100 million customers, including their names, card numbers, expiry dates and CVVs. Target was made aware of the cybercrime by its cybersecurity service; however, it failed to act in time to prevent the theft. As a result, it had a profit loss of almost 50% in that financial quarter, and prices fell 11% during that time.
Cyber supply chain risks may include the incorporation of counterfeits, unauthorised manufacture, theft, and the insertion of malicious software and hardware. Everyone, including companies, therefore has a responsibility to protect themselves and the people around them from cybercrime. Standard practices that supply chain organisations can adopt to avoid cybercrime can be as easy as not opening emails that look suspicious, spotting fake names within opened emails and communicating them to the rest of the team, or activating firewall systems.
C-SCRM combines elements of cybersecurity, supply chain management and enterprise risk management, and focuses on increasing visibility and control over the organisation, its partners, suppliers and customers. It is a system designed to help IT executives overcome the challenges of rapid globalisation and the outsourced diffusion of hardware and software systems.
C-SCRM helps to bridge the gap between business requirements and technology solutions but, unfortunately, few IT specialists understand the need for cybersecurity solutions that help companies manage the complexity of operations or the increasing requirements for regulatory compliance within supply chains.
By applying correct end-to-end processes and providing enhanced systems assurance in good time, Cyber Supply Chain Risk Management helps improve companies’ supply chain security.
Keeping the organisational system, as well as confidential data, safe is a must. Having a C-SCRM system installed is therefore the key factor for supply chain and manufacturing organisations in keeping their systems safe and free of malware and any possible chances of hacking.
Hackers will always look for the weakest point of entry into a network. It is therefore essential to prioritise third-party risk, because it leads back to the fully connected supply chain, with a variety of other parties linked back to that network.