The vulnerable state of supply chains in 2021, due to constraints caused mainly by COVID-19, has complicated the growing supply chain security problem. A 2021 report by BlueVoyant found that of the 1,200 IT professionals and chief procurement officers they surveyed, a staggering 93% said they had suffered a cybersecurity breach because of weaknesses in their supply chain.
Of course, attacks on supply chains are by no means new. But as companies continue to expand their procurement activities to a global chain of vendors and contractors, the likelihood of suffering a network breach has also increased exponentially. This underscores the importance of increasing your supply chain defences.
If you are looking to improve your organisation’s supply chain security, you should consider the three measures below.
First things first: get to know all the suppliers or contractors in your supply chain. Be sure to check your upstream supply chain (i.e. parties involved in providing raw materials) and your downstream supply chain (i.e. parties engaged in post-manufacturing activities).
It’s a good idea to break down your contractor or supplier network into tiers.
- Tier One Suppliers: These are partners that you do direct business with. For example, if you’re a clothing manufacturer, the warehouse storing raw materials is a Tier One supplier.
- Tier Two Suppliers: These are the suppliers from which Tier One suppliers source their materials. For example, a fabric supplier for a clothing company may get its textiles from a fabric mill.
- Tier Three Suppliers: These are suppliers that Tier Two suppliers rely on for materials. For example, a fabric mill will need to source cotton from a cotton farm.
Mapping your supply chain is an excellent opportunity to identify weak links and instances of duplication (i.e., having two or more suppliers providing the same services).
Once you’ve identified all your suppliers, you’ll need to assess each partner’s position to know what risks they pose to your company. For example, a supplier bankruptcy leading to a disruption in raw materials supply is a known risk. A control measure would be having contacts with backup suppliers.
Supply chain risk management is a very complex process. One way to expedite things is to look for suppliers backed by nationally recognised accreditation schemes like the Common Assessment Standard, which covers 13 areas of risk management, from health and safety and financial security to anti-bribery and modern slavery. This will ensure that your suppliers have demonstrated compliance with regulations and industry best practices.
While digitising processes such as inventory management and procurement has been a boon for supply chain efficiency, it has also created new vulnerabilities that need to be addressed. According to research by Argon, software supply chain attacks surged by 300% in 2021 year-over-year.
Fortunately, 88% of cyber attacks can be traced to human error. With a few simple measures, you can dramatically reduce the risk of attacks on your supply chain. These measures include:
- Require all employees to use strong passwords and teach them to avoid recycling passwords across different accounts and applications. Better yet, set a regular schedule for passwords to be replaced.
- Ensure that all staff have activated multi-factor authentication on their accounts and devices.
- Create a mobile device management (MDM) policy to enhance the security of employees when accessing supply chain data on their personal devices.
- Conduct regular staff training to teach employees how to detect phishing scams, update software and be more security-aware.
Author: Alex Minett
Alex Minett is the Head of Product & Markets at CHAS, the UK’s leading health and safety assessment scheme and provider of risk mitigation, compliance, and supply chain management services. With a working history in the audit and management consulting industry, Alex is experienced in implementing visions and strategies. Skilled in negotiation, management and business development, he is passionate about driving CHAS in its mission to safeguard organisations from risk in the UK.