Perspective

Cybersecurity and your supply chain

July 22, 2015
Toby Gooley
No Comments

By now, everybody on the planet is aware that criminals have at various times hacked into the customer databases of giant retailers like Target and Home Depot, and that even government agencies—including the military—are not immune to such crimes. But what many of us don't realize is that our supply chains are also vulnerable to electronic infiltration.

As Drew Smith, founder and CEO of the computer security company InfoArmor, writes in "Is your supply chain safe from cyberattacks?" in the Q2/2015 issue of CSCMP's Supply Chain Quarterly, global supply chains are highly reliant on the rapid sharing of data among supply chain partners. Yet each of these relationships represents a potential point of access to an organization's proprietary information. Exchanging data with suppliers, it turns out, is risky business.

While Smith's article offers plenty of interesting background, such as the extent of security breaches and the most common types of attack, it's that last sentence that deserves your full attention. Today's integrated, interdependent systems, he writes, are rife with cybersecurity risks. These include the transmission of information to and from vendors; open access to data rather than "need to know" access; frequent changes in suppliers and products; a lack of standardization of security protocols among suppliers and other supply chain partners; and obsolete or infected hardware and software.

Smith argues that cybersecurity should therefore be an integral part of supplier vetting, and that every buyer should require its suppliers to meet specified security standards. "One of the most important and effective steps you can take," he writes, "is to include cybersecurity protocols, conditions, and capabilities in the procurement function's approval criteria for all potential new vendors."

The Home Depot security breach came about because criminals obtained and manipulated vendors' computer credentials. Target was compromised because a service provider failed to follow accepted information-security practices. If cybersecurity standards are not currently included among your vendor-approval criteria, I urge you to circulate Smith's article in your procurement organization, and to conduct a risk assessment soon.

Technology
    Contributing Editor Toby Gooley is a freelance writer and editor specializing in supply chain, logistics, material handling, and international trade. She previously was Editor at CSCMP's Supply Chain Quarterly. and Senior Editor of SCQ's sister publication, DC VELOCITY. Prior to joining AGiLE Business Media in 2007, she spent 20 years at Logistics Management magazine as Managing Editor and Senior Editor covering international trade and transportation. Prior to that she was an export traffic manager for 10 years. She holds a B.A. in Asian Studies from Cornell University.

    Recent Articles by Toby Gooley

    Practical recommendations abound at National Forklift Safety Day 2023

    National Forklift Safety Day 2022 connects safety with labor challenges

    Navigating the new normal

    You must login or register in order to post a comment.

    Copyright ©2023. All Rights ReservedDesign, CMS, Hosting & Web Development :: ePublishing