The Coronavirus disease (COVID-19) has brought many lessons to light for business leaders. Past business plans, best practices and tried-and-true strategies were re-evaluated, as organizations braced for a new landscape dotted with disruptions.
Nearly every business was impacted by the events of the past 12-plus months, and much of this correlates back to challenges with the supply chain. In fact, 97% of U.S. businesses have been impacted by supply chain disruptions or expect them due to COVID-19, according to a 2020 Institute for Supply Management survey.
Managing the overall supply chain of a business has quickly become a key focus for enterprise risk management, as the pandemic exposed weaknesses in supply chains and their ability to handle disruptions, along with quality control issues.
Disruption in normalcy in today’s world
For most Americans, COVID-19 has been the biggest global health crisis ever experienced, but it is not a one-off event. History is dotted with health and environmental disruptions that have brought the world to a standstill, such as the 1918 Influenza pandemic and the 2011 Fukushima nuclear disaster, although none of these disrupted supply chains as much as COVID-19.
COVID-19 is a timely reminder of how critical it is for businesses to adopt measures to manage risk during these inevitable global shocks. Many leaders have traversed through such volatile landscapes by making supply chain risk management a key priority. In today’s world, they have been pushed to think five steps ahead – vetting all considerations to strategically position their businesses to thrive post-pandemic.
Building a data security protocol that permeates every touchpoint in the supply chain to withstand risks and quickly respond to shocks is imperative. While security may optically seem like a key priority, with robust internal protocols in place by many companies, many leaders fail to notice vulnerabilities in the business’ external landscape. And, in this global village, as supply chains continue to become more intricately connected, data security is becoming a more critical issue.
Looking beyond the four walls of your business
A November 2020 BlueVoyant report revealed that 80% of U.S. organizations experienced a cybersecurity breach that originated from vulnerabilities in their vendor ecosystem in the last year. No company is immune – think of all the cybersecurity headlines that have dominated the news in recent years. Even Fortune 50 companies have fallen victim to third-party cyberattacks, as millions of user credentials were found unprotected.
Your data security protocol is only as strong as your weakest link in the supply chain. It’s possible you may have the most advanced protection within your business, but if someone in your supply chain does not, you are extremely vulnerable to external threats. Going beyond the four walls of your business and ensuring security standards are in place throughout the supply chain is of utmost importance.
Taking supply chain cybersecurity risks seriously is critical because what’s at stake is not something that can always be replaced or remedied. You risk losing or revealing your trade secrets, intellectual property, and proprietary data. Not only is your profitability at risk after such an attack, you also may be held responsible for the exposure of items such as private customer data. The impact on a company’s intangible assets, such as brand and reputation, is more relevant than it has ever been. In fact, intangible assets currently account for 90% of the S&P 500’s total assets – a historical high.
Here are four ways you can manage supply chain risk during this rising tide of data volume, distribution and diversity.
1) Reduce internal and external threats through third-party audits. Every industry has different regulatory compliance requirements and certifications. Third-party organizations can oversee risk assessments in the supply chain that provide objective security scores for internal and external touchpoints.
Digital solutions can bring together a customized risk assessment of the supply chain, based on field data collected from independent on-site verification of critical suppliers. With total visibility on the known and unknown risks threatening their processes today, businesses are better equipped to face risks head-on and develop a more resilient supply chain.
It is also wise to lean on a third-party expert for independent cybersecurity conformity assessment services covering IT systems, industrial assets, people and connected products such as Internet of Things devices, measured against recognized standards.
2) Clearly outline cybersecurity requirements and data security protocol in all your contracts. Supply chains are often a company’s weakest link, so it is essential to apply similar security requirements and protocols that are used to protect the company’s infrastructure to all parties involved with the business.
For instance, request that all third parties you work with are certified to a security compliance standard that they must meet in order to be a partner, such as PCI-DSS for retail or HIPAA in healthcare. Self-declarations of compliance are no longer enough; cybersecurity requires cooperation, collaboration and certification.
3) Stringently vet and monitor which third-party partners have access to your network. Clearly identify who is allowed access and offer different levels of access to different vendors – not every user needs full visibility, especially to your most sensitive information. With the acceleration of cloud infrastructure across organizations, limiting access will help constrict cyberattack opportunities, and prevent or mitigate the harm stemming from both internal and external attacks. Additionally, strong passwords with encryption will help keep data safe and limited to vendors to whom you grant access.
4) Partner with industry and government regulators to share cybersecurity threat intelligence and meet security standards. Several security frameworks and cybersecurity standards are available to help protect company data across touchpoints, specific to industry needs. Partnering with industry and government regulators in this landscape of ever-evolving threats helps ensure security strategy and protocol are being implemented consistently.
For example, the Department of Defense (DoD) has the Cybersecurity Maturity Model Certification (CMMC), a unified standard for implementing cybersecurity across the defense industrial base and a required certification for all contractors working with the DoD. With more than 300,000 DoD companies and subcontractors across the supply chain, the defense space is often a target for malicious cyberattacks. Potential breaches of intellectual property in this sector are especially detrimental, as a matter of national security, and CMMC is a great starting point to help companies throughout the supply chain stay ahead of threats.
Similarly, ISO/IEC 27017:2015 is a security standard developed for cloud service providers and users. As cloud adoption continues to increase across industries, this standard can serve as a baseline for security efforts. Completion of the multi-phase, third-party assessment establishes compliance with cloud security standards, and a commitment to ensuring data security and privacy.
The whole is greater than the sum of its parts
Nearly 80% of all data breaches happen within the supply chain, according to the SANS Institute. While your business may only be as strong as its weakest link in the supply chain, putting comprehensive yet agile supply chain risk management practices and stringent data security protocols in place will help mitigate a variety of risks under any market landscape, protecting your company’s data, reputation and trajectory.