Supply Chain Risk Management Blog
The cyber supply chain risk
In a digital world, cyber risks are an increasing concern for businesses – as our colleagues within the InterSys technical group are well aware. This deals with the findings of the government’s Information Security Breaches Survey 2015, which shows both the prevalence and impact of cyber breaches. There’s a lot more businesses can be doing, they note.
There are obvious implications for the supply chain, too. As research by Standard Chartered (picked up by the FT) highlighted, technology has transformed the global supply chain, bringing massive benefits. Radio-frequency identification (RFID) technology and the Internet of things, for example, have made it much easier to track and monitor orders and shipments through the supply chain. Similarly, technology facilitates much greater coordination between businesses.
“Supplier companies can be completely integrated in managing the supply chain. Instead of an ordering department sending orders to suppliers, everybody can be linked directly to inventory management systems,” the report states.
While the benefits of that are obvious, so too are the risks. Increased connectivity, if not properly handled, brings the potential for increased vulnerabilities. Moreover, the reliance on technology exacerbates the potential problems in cases where a breach does occur (one reason, possibly, why the government survey shows the average cost of security breaches soaring).
The other, and related, point is that a company cannot afford to look just at its own cyber security. As delegates heard at the Infosecurity Europe event where the Security Breaches survey was launched, businesses need to work not just on their own procedures and practices, but also with their suppliers.
Experts are urging businesses to work with suppliers to raise the level of their “cyber hygiene” – encouraging them to follow principles such as those laid out by the government’s Cyber Essentials Scheme. The view is based on a number of cases where attackers have targeted suppliers to circumvent big firms’ security.
“Try to be an intelligent customer,” Jon Townsend, head of cyber intelligence and response at the UK’s Department for Work and Pensions (DWP), advised the audience. “And if you think suppliers are not meeting your information security requirements, instead of beating them up with the contract, work with them to put it right.”
That’s good advice. As a first step, though, businesses need to have visibility of the supply chain to identify where the potential vulnerabilities are, and identify who has what information. Fortunately, that’s an area where technology can help as well, with the growing market for supply chain management software.