Protecting Supply Chains against Cyber Attacks

Recent studies estimate that one in four organizations will experience a breach during 2017.

Dan Cser headshot 59c4077ec4a0c

The impact that technology has had on supply chain efficiency and productivity over the last decade is stunning—but progress has come to some with a heavy price. Without air-tight security and vigilance, the software that is revolutionizing the industry is also opening new opportunities for hackers. 

Recent studies estimate that one in four organizations will experience a breach during 2017. That rate may be even higher for supply chain organizations, where studies also show that as many as 80 percent of cyberattacks originate. Yet, despite their vulnerability, few supply chain managers establish a robust alignment with IT and cybersecurity teams working in or alongside their organizations.

Cyber threats are a growing concern in every business, but it stands to reason that supply chains would be especially vulnerable given their complex relationships with employees, clients, shippers, transporters, plant operations, and the uncontrolled who-knows-what software and security procedures that are in use along the chain. Even when isolated, sloppy security procedures or lax employee training can put the entire organization and its data in jeopardy.

Within the past three or four years, some of the nation’s largest companies have been breached successfully—Samsung, Home Depot, Target, Walmart, Neiman Marcus, Yahoo and JP Morgan Chase Bank, to name a few. Those are companies with considerable IT talent.

So you ask yourself. Without those big guns, how do we protect ourselves, our clients and our suppliers against sophisticated hacking techniques and new malware that is freshly refined with each attempt made to foil it?

No approach is foolproof, but there are a number of steps that will help secure the data and enhance the communication that is essential for doing business in the current environment.  Even if yours is a small or midsize company, you can reduce the odds or at least the intensity of a major data breach.

Set Protocols: In concert with your IT specialists or data security contractor, set down in writing a meticulous set of standards that will ensure every member of the supply chain has clear direction for handling email, purchasing and using software, discussing company business, and storing and sharing data. Reinforce those standards through the ongoing support of leaders from each part of the chain.

  • Teach Compliance: Offer compulsory training that emphasizes the importance of adhering to the policies that have been agreed upon by the supply chain team. Most data breaches are caused when compliance rules are inadequate or are overlooked.
  • Network Security Standards: Institute regular communication with major suppliers and clients so that security standards are consistent along the entire supply chain. A cyberattack that succeeds along any point in the supply chain has the capacity to interfere with the entire chain by disrupting business and causing uncertainty and dissention. Where possible, apply system technologies across the network.
  • Vet Vendors:  Against standards that you have created with your data security advisers, institute a vendor vetting process before approving any new supplier, and review each vendor annually with an eye toward their willingness to cooperate with prescribed security standards.

Respond Quickly: If or when a cyberattack occurs, the faster your organization responds, the more likely you will mitigate a widespread loss of or damage to records. 

  • Establish or contract with an incident response team whose members are skilled at cyber war and will act without hesitation to identify and quell an attack.
  • Establish a communications plan that prepares you for quickly informing others along the supply chain that a breach has occurred and that action is being taken, so that they can also respond and limit the extent of the breach by executing quick password resets and credentials.
  • Share your findings and response techniques with all along the chain.

Budget for Cyber Security: Besides building stronger IT teams or contracting with vendors whose specialty is cyber security, consider investing in advanced employee training and cyber liability insurance to help prepare and protect you in case of a breach or stolen information.

The security of any organization that is part of a supply chain is only as strong as the weakest member of the chain. Breaches are most frequently the result of human error, and hackers know it. They will prey on the laxity of anyone along the supply chain who is unfamiliar or noncompliant with security protocols. Regular training is essential in every organization, no matter its size or industry. 

Cyber security is a team sport, and the competition can be brutal. If you are in business, you need to play hard to protect your clients’ data.  

There is risk in every business, but with planning, communication and cooperation, you can help limit the risk of exposing your supply chain to cyber breaches by maintaining standards that are followed without exception by every member of the team.