Oct 16, 2019
Who’s playing leapfrog in your supply chain?
It is predicted that global cybercrime damages will cost up to $6 trillion annually by 2021. Cybercrime is replacing traditional crime – why? First and foremost, a cybercriminal can target vastly more “victims” at one time, AND it's far more difficult to catch them. Traditional criminals need to consider things like DNA – it's almost impossible not to get caught if you have left your DNA at the crime scene. Although advances have been made in the detection and apprehension of cybercriminals, it's still a lot easier to get away with cybercrime than traditional crimes and it's achieved in the comfort of their own homes.
With malicious hackers attacking computers and networks at a rate of one attack every 39 seconds (University of Maryland), individuals and companies need to be more vigilant. Adding additional complexity to an already complicated subject is that as companies turn to highly networked and outsourced supply chain models, it's no longer only their data they need to protect. How many daily tasks are outsourced to another business in the supply chain that requires access to your information? What contracts are in place to stipulate how these third parties can access, store, and send data? To what degree are third parties vetted for their cybersecurity defences before they are given access to sensitive and proprietary information?
SMEs often have lower levels of security in place. They usually don't have the expertise, resources, or budget to implement high-level security solutions, and they don't think they will be targeted as much as their larger companies will. Cybercriminals infiltrate these smaller companies in the supply chain and then “leapfrog” from system-to-system to access their primary target. They then can expose sensitive information and manipulate operations in the supply chain.
Although security measures are never 100% cyber proof if you make it more difficult to access the front door, cybercriminals are likely to move on to a less secure option. To start with, companies, regardless of size, need to protect their data centers first and then move outward to the third parties in their network to ensure that the next layer of security is in place. Investigate all your third parties’ security systems to see how they would handle and recover from potential attacks. Ensure that you investigate and have access to your vendors’ security procedures in all areas of their business, i.e., IT, Human resources, legal and operational/procurement. Understand each vendor's importance in your supply chain to determine the level of each one's risk. Set expectations by entering into contracts with each vendor and make sure to follow-up regularly to assess performance. Cull suppliers that don't or won't comply with security measures.
Your suppliers and their employees are an extension of your business – a cyber attack can rip through and affect many companies within a supply chain, so it's in the best interest of all stakeholders to work together to put in place robust processes, policies, and procedures. Running regular anti-malware scans and blocking malicious looking IP addresses is a good start but educating every person within your business as well as your third-party supplier businesses is equally essential. Train them to know how to identify possible threats to your systems and to report anything peculiar to your IT team ASAP. Often our employees are the weakest link.
Written by Barry Kukkuk
Barry comes from a systems architect and application development background. He started his career as the co-founder and chief developer for Icon Retail Management, a full-fledged retail management system that integrated with mainstream ERP. Barry later conceptualized and developed Inventory Optimiza for Barloworld Logistics and provided technical support for the application. It was here where Barry’s passion for Inventory Management solutions began and the industry where he would later return. Barry went on to start his own business in 2008, where he was an avid user of cloud-based apps and would only use online solutions for his business. In 2010 Barry began his journey with NETSTOCK. His enthusiasm for Inventory Management and his strong belief in “all things Cloud” collided, and we saw the release of the Inventory Management solution - NETSTOCK. Barry is the CTO at NETSTOCK, where he is responsible for all customer-facing technologies and systems that keep thousands of NETSTOCK customer instances working correctly.