Supply Chain Risk Management

Supply Chain Managers’ Cyber Conundrum

Cybersecurity is top of mind for many supply chain management executives. A Willis Towers Watson survey of 350 senior executives in the air, sea, rail and road transportation industries found that, at sea and on land, cyber threats and data privacy topped their list of concerns.¹ Part of that stems from increased use of technology, from automation to the Internet of Things, which leaves openings for attackers to cause disruptions from anywhere in the world.²

The cost to recover from these breaches can be large, not just in terms of securing the compromised system but in lost sales, damage to the company’s reputation and fines from regulatory bodies should the company be found not in compliance with standards. For example, a U.K. holiday firm was fined £150,000 when hackers stole more than 1.2 million customers’ data by exploiting a vulnerability on its website, gaining access to 431,000 valid credit card numbers. This underscores the importance of making sure all points of access are protected appropriately, including cyber access points.³

There are also supply chain risks with third-party vendors that many companies use for supply chain management and its many facets, like logistics. Some cybersecurity breaches occur when hackers gain access to a third-party vendor’s network, then proceed into a larger enterprise’s corporate network using that third party’s legitimate credentials.⁴

One recommendation from experts is that supply chain managers thoroughly evaluate all third-party vendors to ensure their cybersecurity measures meet the managers’ own standards.⁵ It is important to identify every partner that has access to the company’s systems and assess the measures they use to protect data. Executive management can require standardised protocols for logins, passwords, badges and encryption for all vendors used by the company. Experts also recommend ongoing audits and monitoring to detect and prevent breaches.⁶

Physical World Threats for Supply Chain Management

While threats in the virtual world may be top of mind for supply chain management, physical threats from theft, including piracy, also jeopardises the supply chain. Cargo shipping, particularly by sea, may seem more secure; losses have declined by 45 percent from 2006 to 2015 thanks to more safety and self-regulation.⁷ But pirate attacks haven’t declined, and attacks in Southeast Asia have actually risen to make up 60 percent of all incidents.⁸

Cargo theft incidents are on the rise, occurring almost four times more frequently in 2015 than just four years prior, requiring supply chain management to include vetting at every point. According to Security magazine, background checks for drivers, employee training, physical security measures, understanding global regulations and video surveillance of docks, warehouses and gate areas can help mitigate against losses, particularly in pharmaceuticals and electronics, where the thefts are the costliest.⁹

Remote monitoring and video surveillance can be particularly helpful in preventing thefts. One company installed cameras and remote monitoring to create a virtual border around its facility, which helped cut security costs while providing specific information to help track down intruders.¹⁰ Another company took this idea a step further, doubling the number of cameras in its warehouses to fully track the order process, from creation to picking and packing. This not only improved security but also increased efficiency and allowed the company to refine its processes.¹¹

Experts recommend maintaining visibility throughout the supply chain, using real-time cargo location information and creating a chain-of-custody protocol to satisfy regulatory and other compliance concerns. Supply chain managers also are advised to include risk mitigation procedures that monitor criminal activity and engage with law enforcement to assist with recovery of stolen goods.¹²

The Takeaway:

The supply chain faces many physical and cyber risks. To mitigate those risks, supply chain management may wish to include thorough vetting of third-party vendors, as well as employees. Companies may also wish to use technology to track and monitor their supply chains – which may create the added bonus of helping to uncover potential efficiencies.

Sources

1. "Transportation Risk Index 2016: Navigating risk in the transportation sector,", Willis Towers Watson; https://www.willistowerswatson.com/en/insights/2016/09/transportation-risk-index-2016
2. Ibid.
3. "Home Depot Agrees To $19.5 Million Settlement To End 2014 Breach Nightmare", ThreatPost; https://threatpost.com/home-depot-agrees-to-19-5-million-settlement-to-end-2014-breach-nightmare/116884/
4. "Is your supply chain safe from cyberattacks?", Supply Chain Quarterly; http://www.supplychainquarterly.com/topics/Technology/20150622-is-your-supply-chain-safe-from-cyberattacks/
5. Ibid.
6. Ibid.
7. "Long-term decline in shipping losses continues but economic pressures, cyber risk and superstorms challenge safety progress", Allianz; http://www.agcs.allianz.com/about-us/news/safety-and-shipping-review-2016-press/
8. Ibid.
9. "Hardening the Supply Chain", Security; April 2016 edition.
10. "Securing Supply Chains One Link at a Time", Security; http://www.securitymagazine.com/articles/86204
11. Ibid.
12. "Hardening the Supply Chain", Security; April 2016 edition.