My first exposure to the importance of supply chains came courtesy of the Cabbage Patch Kids.
Although legend has it that they were born in a cave behind a magic waterfall in the Appalachian Mountains, there was a very odd Christmas season in 1983, when the kids were stuck in transit on slow-moving cargo ships. The resulting shortage caused parents everywhere to briefly lose their minds. Increased supply and falling demand caused the situation to straighten out after the holiday season, but we were still left with news reports of “Cabbage Patch Riots” as a reminder of how rapidly things can break down.
This holiday season is shaping up to be a perfect storm of supply chain vulnerability. In addition to dealing with the normal supply challenges caused by holiday spikes in demand, we have a supply system that is already severely strained by the 18-month-old pandemic. We are also observing a significant increase in hostile cyber activity across all attack vectors, from ransomware to phishing to cyber supply chain attacks.
If historical precedent is any guide, these attacks will ramp up considerably over the holidays. Attackers know that I.T. staffs are in a reduced state over the holidays, so it’s an opportune time to launch a network intrusion. This means less chance of immediate discovery, and more time to establish a beachhead and obscure your activities before the full staff returns. In addition to having that I.T. staff on vacation, you have the rest of the company in a holiday time crunch time frame of mind, and less likely to be as diligent about cyber security as they normally are.
So what should companies be doing now to prepare? Break your activities into two main areas: cyber security and supply chain security.
From a cyber security perspective, there are three key things we should all be doing to get ready. The first is patching and vulnerability management. This sounds like basic cyber hygiene, but it’s often not done effectively. Somewhere between 30% and 60% of the breaches that happened in the last two years were due to known vulnerabilities in unpatched software. There’s really no reason to leave your environment this vulnerable.
The second key activity is to implement e-mail security with phishing filtering, supported by staff training and education. Around the holiday season your employees will get busy and stressed, and will also receive a significant increase in legitimate e-mail promotions for holiday shopping. This makes it harder for them to identify phishing attempts, and is a recipe for people to click on something they ordinarily wouldn’t.
The third important cyber activity is to make sure you have security monitoring informed by threat intelligence. You need to recognize that even with patching and training, you are likely to have some issues. Have a solution in place to watch for this, in order to minimize the impact.
The other main area of focus must be on your supply chain security. With the interdependent nature of modern fulfillment environments, the biggest challenge is getting sufficient visibility into the supply chain. Have your purchasing people take a look at their bills of materials and determine who’s supplying your components. Are there companies or products in the chain that you aren’t comfortable relying on? Do key components originate out of countries that aren’t reliably friendly to the U.S.? Is there a high risk of counterfeiting? It can be a complicated web, but there are tools out there to help. In particular, there are some compelling data sources dealing with things like ownership structures, labor conditions, and piracy that can be knit together to provide this sort of view, but you have to know to look for it.
When these weaknesses in your supply chain appear, what should you do about them? This type of mitigation planning is a critical step to take now. Use the available tools to see what the impact will be and how you can address it, in order to minimize disruption to your customers. This will help your operations to thrive, in spite of an uncertain supply environment, caused by natural occurrences like COVID-19 or nefarious events like piracy and counterfeiting. Your supply chain is only as strong as its weakest link, so use this time to proactively strengthen those links rather than just waiting for one to break in late December.
It’s going to be a challenging holiday season for all of us, both producers and consumers, that depend on the global supply chain. The combination of the holiday rush, continued impacts from the pandemic and increased cyberattacks means that your supply chain will be under unprecedented pressure and threat. That’s why it’s so important to get prepared. Take advantage of the time you have now, and focus on improving your cyber and supply chain security footprint. That way, when the holiday rush comes, you’ll be able to continue to delight your customers, without having to rely on magical waterfalls.
Kyle Rice is chief technology officer with SAP NS2.