During National Cybersecurity Awareness Month, it seems fitting to report on how procurement has been affected by cybercrime in 2020 and the most effective ways to prevent a supply chain attack.
Since the outbreak of COVID-19, supply chain attacks have increased exponentially. This is thanks to the implementation of new technologies, organisations quickly on-boarding new vendors with insufficient security, and a sharp increase in employees working from home.
With this in mind, it has never been more important for procurement teams to implement effective strategies to reduce the risk of a supply chain attack.
What is a supply chain attack
A supply chain attack sees cybercriminals targeting an organisation through a third-party supplier, often for the purpose of claiming ransom, sabotaging the business, or stealing intellectual property.
By attacking the most vulnerable links within an organisation’s network, hackers can hit multiple targets at once and wreak serious havoc – long before an organisation is able to detect a security breach. This often results in operations being stalled or disrupted, a brand’s reputation being damaged, and millions of dollars in costs.
Supply chain attacks can include, but are not limited to, software hijacking, the injecting of malicious code into software, and the targeting of Internet of Things (IoT) devices or operational technology.
Four ways to prevent a supply chain attack
1. Be alert to the very real threat of a supply chain attack
Business leaders must not sit back and hope they will be unaffected by cybercrime. Increasingly complex and global supply chains coupled with today’s tumultuous environment make for a perfect supply-chain-attack storm.
Today, the average number of third parties with access to sensitive information at each organisation is 471, and yet just 35% of companies keep a list of all the third parties with whom they share their this sensitive data.
A strategic and thorough approach must be taken to tackle cybercrime, which includes accepting and understanding all of the potential risks before identifying weak spots throughout the supply chain.
2. Conduct supplier risk assessments
Just as a procurement team assesses all vendors within the supply chain for ethical compliance, it must do so for cybersecurity purposes. A thorough security risk assessment should be conducted for each newly on-boarded supplier, and existing suppliers must be continually monitored. Are they following security protocols? Do they have secure systems in place? Who has access to sensitive information and are they sharing data on a strictly need to know basis?
3. Lockdown Internet of Things (IoT) devices
The digitisation of supply chains, which includes the adoption of automation, robotics, Artificial Intelligence (AI), and IoT devices, presents numerous opportunities for procurement. But it also serves to increase an organisation’s exposure to supply chain attacks. Smart products increasingly feature embedded code and sensors, which makes them all too easy to hack. Procurement teams must carefully assess product security and implement a comprehensive strategy for securing these technologies across the entire supply chain.
4. Implement the simple cybersecurity fixes
As COVID-19 continues to spread around the world, many organisations are struggling to stay afloat. The resulting budget and staffing cuts means that installing and updating security systems are far from being top business priorities. But there are several ways to improve an organisation’s cybersecurity without committing huge investments. This could be as simple as establishing a new policy for evaluating supplier contracts, collaborating with existing vendors to improve security, or training employees to identify potential cyberattacks. Limiting an employee’s ability to download and install third-party programs on their workplace devices is another simple way to mitigate the risk of a cyberattack.