Data No. 1 Commodity in Supply Chain Putting Companies at Risk for Cyberattacks

December 30, 2014
Drew Smith, Founder & CEO, InfoArmor

Production and distribution in the supply chain now encompass a firm’s value chain proposition as well. Inbound and outbound logistics, along with operations and marketing/sales and service, drive competitive advantage across stages and functions inherent to an effective supply chain – one that is now open-ended. But regardless of how many stages of a supply chain a firm may use, the connectivity to the firm’s value competencies is readily identifiable.

In this new system, the supply chain has access to pricing data, metrics, point-of-sale information, inventory control flows and enterprise system activity. As such, the supply chain becomes an organic network of connected parties exchanging proprietary intellectual property.

The result: the supply chain is at risk for cyberattacks at several points of contact, including manufacturers, suppliers, transporters, retailers, distributors and even customers.

A case in point is the Home Depot breach that exposed 56 million debit and credit card accounts last September and which also compromised 53 million customer email addresses. The most recent attack occurred as a result of hackers accessing the retailer’s systems via a third-party vendor's username and password. Such breaches are becoming increasingly common as third- and fourth-party transactions provide entry points for accessing raw data, as well as intellectual property and proprietary content.

The takeaway: supply chain companies are only as strong as their weakest link.

Take a seemingly innocuous situation where an organization uses multiple distribution partners. A firm in one layer may use a pull ordering system while a second may use a push ordering system. These firms are connected through the logistics function, but may have completely different security protocols.

Cyberattackers will use these discrepancies to target data and exploit weakness over a deeper medium and for a longer period of time, resulting in data leakage, compromised credentials, malware and viruses, distributed denial-of-service attacks and SQL injection.

Even more distressing is the fact that as more companies rely on supply chain management, hackers are embedding malicious technology, which can take months or years for firms to recognize. While 91 percent of compromises were completed by hackers in hours or less, nearly two-thirds (62 percent) took months or years to discover, and more than half took months or more to contain, according to the 2013 Verizon Data Breach Report.

Reducing risk by identifying the supply chain’s pieces

Because risk exposure may already be ingrained in an organization’s infrastructure, a logical starting point for executive management should be to identify the exact composition of the supply chain. Understanding how a firm operates will help identify potential security issues.

Trends indicate that formal due diligence in vetting supply chain partners is considerably lacking. Only 44 percent have a process for evaluating third-party vendors, falling from 54 percent in 2013. Similarly, just 41 percent of companies have a process for assessing the cybersecurity of third-party industries with which they share data or networks before launching business operations, according to a 2014 cybercrime survey by PricewaterhouseCoopers.

Proactive monitoring and auditing

Identification points the way; however, proactive risk management is critical.

Supply chain firms should begin with a gap assessment across the organizational chain ecosystem and identify ways to remediate potential threats. Security auditing and real-time monitoring are requisite steps for companies with several key measures. But such steps are lacking, with just 27 percent of firms conducting incident-response planning with supply chain partners.

Firms also should enlist a third-party expert to conduct the audit, or even better, a company that will perform an evaluation of the supply chain’s posture with ongoing monitoring. Additionally, a company should have a security framework (for example ISO 27001), along with an individual such as a CSO, CTO, CEO or data steward who is responsible for management, strategy and responsive action.

Examining vendor standards

Another area to examine is the standards of the vendors associated with the organization. Less than a third of respondents to the PricewaterhouseCoopers survey said they include security considerations in their contractual agreements. This is an issue, particularly when considering that an organization’s best efforts to protect its intellectual property may be thwarted by lax standards across the supply chain.

This brings up another issue: how to allocate resources. This is important, because the capacity to prevent, monitor and safeguard firms against cyber threats comes down to the economics of scarcity of resources.

A Pareto valuation model to identify threats

So how should firms use security dollars against ongoing cyber-externalities? Many options exist, including Key Performance Indicators. But here is an option, this time from an inventory angle: many firms use an ABC Inventory Control System designed to partition data into manageable sets to monitor based on value or flow usage. An interesting concept is to develop a similar Pareto division model from a threat perspective, where resources are allocated based on valuation to the firm. This could be price, inventory, in-process manufacturing, flow, inventory carrying cost and other variables. In doing so, companies can categorize the relative importance of vendors in the chain as a function of overall benefit assessment.
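One way to turn the Pareto idea above into a calculation, as an added example that is not part of the original article: vendors are ranked by the value they touch and tiered A/B/C by cumulative share, and a security budget is split by tier. The vendor names, figures, 80%/95% cut-offs, budget weights and the rule that a vendor holding credentials to the firm's systems never drops below tier B are assumptions made here.

```python
# Added example (not from the article). Vendor names, figures (USD thousands),
# cut-offs, weights and the credential floor are constructed assumptions.
VALUE_FIELDS = ("price", "inventory", "in_process", "carrying_cost")
VENDORS = {
    "pos-integrator": dict(price=800, inventory=2500, in_process=400, carrying_cost=300, has_credentials=True),
    "contract-mfg": dict(price=300, inventory=1200, in_process=1500, carrying_cost=200, has_credentials=True),
    "carrier-north": dict(price=120, inventory=900, in_process=0, carrying_cost=60, has_credentials=False),
    "customs-broker": dict(price=90, inventory=300, in_process=0, carrying_cost=30, has_credentials=False),
    "label-printer": dict(price=10, inventory=40, in_process=0, carrying_cost=5, has_credentials=True),
    "facilities-service": dict(price=5, inventory=0, in_process=0, carrying_cost=0, has_credentials=False),
}

def valuation(vendor):
    """Total value to the firm that this vendor relationship touches."""
    return sum(vendor[f] for f in VALUE_FIELDS)

def abc_tiers(vendors, a_cut=0.80, b_cut=0.95):
    """Rank vendors by valuation and tier them by cumulative share of the total."""
    total = sum(valuation(v) for v in vendors.values())
    if total <= 0:
        raise ValueError("vendor valuations must sum to a positive number")
    ranked = sorted(vendors, key=lambda n: valuation(vendors[n]), reverse=True)
    tiers, running = {}, 0
    for name in ranked:
        # Use the share accumulated *before* this vendor so the largest is always A.
        share_before = running / total
        tier = "A" if share_before < a_cut else "B" if share_before < b_cut else "C"
        # Assumed floor: low-value vendors that hold credentials still get tier B,
        # since the Home Depot intrusion cited above came in through a vendor login.
        if tier == "C" and vendors[name]["has_credentials"]:
            tier = "B"
        tiers[name] = tier
        running += valuation(vendors[name])
    return tiers

def allocate(budget, tiers, weights=None):
    """Split budget across tiers by weight, then evenly among a tier's vendors."""
    weights = weights or {"A": 70, "B": 25, "C": 5}
    members = {t: [n for n, x in tiers.items() if x == t] for t in weights}
    live = sum(w for t, w in weights.items() if members[t])  # skip empty tiers
    return {n: budget * weights[t] / live / len(members[t])
            for t in weights for n in members[t]}

if __name__ == "__main__":
    tiers = abc_tiers(VENDORS)
    for name, dollars in allocate(100_000, tiers).items():
        print(f"{name:20s} tier {tiers[name]}  ${dollars:,.0f}")
```
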

As the supply chain expands globally and encompasses more data, the risk of cyberattacks will continue to grow. The fact that firms’ supply chains are now embedded in their value chain necessitates continued vigilance.

Supply chains are networks that move critical information, which adds value for customers but also exposes organizations to substantive risk. Finding innovative ways to ensure consumer and corporate privacy through fraud detection and intellectual property protection is critical amidst increasingly complex supply chain designs.

Source: InfoArmor

All content copyright © 2016 - 2018 Keller International Publishing Corp All rights reserved. No reproduction, transmission or display is permitted without the written permissions of Keller International Publishing Corp