Oct 16, 2019
Who’s playing leapfrog in your supply chain? How do your cyber-security systems measure up?
It is predicted that global cybercrime damages will cost up to $6 trillion annually by 2021. Cybercrime is replacing traditional crime – why? First and foremost, cybercriminals can target vastly more “victims” at one time, and it’s far more difficult to catch them. Traditional criminals need to consider things like DNA – it’s almost impossible not to get caught if you have left your DNA at the crime scene. Although advances have been made in the detection and apprehension of cybercriminals, it’s still a lot easier to get away with cybercrime than with traditional crime, and it’s done from the comfort of their own homes.
With malicious hackers attacking computers and networks at a rate of one attack every 39 seconds (University of Maryland), individuals and companies need to be more vigilant. Adding complexity to an already complicated subject, companies are turning to highly networked and outsourced supply chain models, so it’s no longer only their own data they need to protect. How many daily tasks are outsourced to another business in the supply chain that requires access to your information? What contracts are in place to stipulate how these third parties can access, store, and send data? To what degree are third parties vetted for their cybersecurity defences before they are given access to sensitive and proprietary information?
SMEs often have lower levels of security in place. They usually don’t have the expertise, resources, or budget to implement high-level security solutions, and they don’t think they will be targeted as much as larger companies will. Cybercriminals infiltrate these smaller companies in the supply chain and then “leapfrog” from system to system to access their primary target. They can then expose sensitive information and manipulate operations in the supply chain.
Although security measures are never 100% cyber proof, if you make it more difficult to access the front door, cybercriminals are likely to move on to a less secure option. To start with, companies, regardless of size, need to protect their data centers first and then move outward to the third parties in their network to ensure that the next layer of security is in place. Investigate all your third parties’ security systems to see how they would handle and recover from potential attacks. Ensure that you investigate and have access to your vendors’ security procedures in all areas of their business, i.e., IT, human resources, legal and operational/procurement. Understand each vendor’s importance in your supply chain to determine the level of each one’s risk. Set expectations by entering into contracts with each vendor and make sure to follow up regularly to assess performance. Cull suppliers that don’t or won’t comply with security measures.
Your suppliers and their employees are an extension of your business – a cyber attack can rip through and affect many companies within a supply chain, so it’s in the best interest of all stakeholders to work together to put in place robust processes, policies, and procedures. Running regular anti-malware scans and blocking malicious-looking IP addresses is a good start, but educating every person within your business, as well as within your third-party supplier businesses, is equally essential. Train them to know how to identify possible threats to your systems and to report anything peculiar to your IT team ASAP. Often our employees are the weakest link.