CSCMP's Supply Chain Quarterly
July 20, 2018
Perspective
Perspective

Cybersecurity and your supply chain

Comment
Properly vetting suppliers—and making data security a condition of doing business—can help reduce vulnerabilities to cyberattacks.

By now, everybody on the planet is aware that criminals have at various times hacked into the customer databases of giant retailers like Target and Home Depot, and that even government agencies—including the military—are not immune to such crimes. But what many of us don't realize is that our supply chains are also vulnerable to electronic infiltration.

As Drew Smith, founder and CEO of the computer security company InfoArmor, writes in "Is your supply chain safe from cyberattacks?" in the Q2/2015 issue of CSCMP's Supply Chain Quarterly, global supply chains are highly reliant on the rapid sharing of data among supply chain partners. Yet each of these relationships represents a potential point of access to an organization's proprietary information. Exchanging data with suppliers, it turns out, is risky business.

While Smith's article offers plenty of interesting background, such as the extent of security breaches and the most common types of attack, it's that last sentence that deserves your full attention. Today's integrated, interdependent systems, he writes, are rife with cybersecurity risks. These include the transmission of information to and from vendors; open access to data rather than "need to know" access; frequent changes in suppliers and products; a lack of standardization of security protocols among suppliers and other supply chain partners; and obsolete or infected hardware and software.

Smith argues that cybersecurity should therefore be an integral part of supplier vetting, and that every buyer should require its suppliers to meet specified security standards. "One of the most important and effective steps you can take," he writes, "is to include cybersecurity protocols, conditions, and capabilities in the procurement function's approval criteria for all potential new vendors."

The Home Depot security breach came about because criminals obtained and manipulated vendors' computer credentials. Target was compromised because a service provider failed to follow accepted information-security practices. If cybersecurity standards are not currently included among your vendor-approval criteria, I urge you to circulate Smith's article in your procurement organization, and to conduct a risk assessment soon.

Contributing Editor Toby Gooley is a freelance writer and editor specializing in supply chain, logistics, material handling, and international trade. She previously was Editor at CSCMP's Supply Chain Quarterly. and Senior Editor of SCQ's sister publication, DC VELOCITY. Prior to joining AGiLE Business Media in 2007, she spent 20 years at Logistics Management magazine as Managing Editor and Senior Editor covering international trade and transportation. Prior to that she was an export traffic manager for 10 years. She holds a B.A. in Asian Studies from Cornell University.

Join the Discussion

After you comment, click Post. If you're not already logged in, you will be asked to log in or register.


Want more articles like this? Sign up for a free subscription to Supply Chain Executive Insight, a monthly e-newsletter that provides insights and commentary on supply chain trends and developments. Click here to subscribe.

We Want to Hear From You! We invite you to share your thoughts and opinions about this article by sending an e-mail to ?Subject=Letter to the Editor: Quarter : Cybersecurity and your supply chain"> . We will publish selected readers' comments in future issues of CSCMP's Supply Chain Quarterly. Correspondence may be edited for clarity or for length.

Want more articles like this? Subscribe to CSCMP's Supply Chain Quarterly.