How to avoid supply chain hacking
Do you know exactly what your business is spending money on? It might seem like a strange question, but according to an AmeriQuest Business Services survey*, an alarming amount of companies cannot answer it.
They have no purchasing strategy in place, or if they do, they don’t have a strict policy that ensures personnel are sticking to it. This leads to what Reggie Peterson, Director of Indirect Supply Programs at AmeriQuest, calls ‘dark purchasing’, where there is no real accountability for what employees are buying, which can put corporations at risk of supply chain hacking, as vendors are not going through an approval process.
Although linked to dark purchasing, hacking is a serious issue also caused by other weak points in the supply chain. Data breaches can be a major problem for corporations, as retail giant Target found out back in 2014 when details of over 70 million customers were hacked.
And how did the hackers get access to this data? Via the supply chain, as Peterson explains: “The hackers got through from a small third-party vendor, an HVAC service – that is how they gained access to Target’s network.” It is thought that the vast majority of data breaches originate from the supply chain as hackers look for the weakest link. When you consider that large companies could have thousands of different suppliers of products and services, it is easy to see that just one of these not following the correct supply chain security processes could open up the entire company to a hack.
A lot of the information going across the supply chain is digital – and increasingly stored in the cloud, which may mean it is more vulnerable to cyber attack than it has been previously. Peterson says: “There is an opportunity at any given time that hackers can breach any of those supplier connections and gather very sensitive information to gain a competitive advantage. And there is also the problem of hacking just for the sake of sport.”
So what can businesses do to avoid this happening? Although cyber attacks are evolving every day making them virtually impossible to completely eliminate, there are things you can do to reduce the chance of your company falling victim to hackers. Here is Peterson’s advice on four simple ways to make it harder for hackers to infiltrate your supply chain.
- Identify and understand exactly who your suppliers and partners are. As Peterson says, “Do basic research on who your suppliers are and if they are going to have a critical role within the supply chain, then you need to do a higher level of research regarding cyber security.” Every company needs to understand their partners’ cyber security risk, as well as their own.
- Use approved vendors. “Every company should have a supplier approval process – some type of methodology or protocols in place to vet each supplier that they are working with,” says Peterson. This is necessary not just for cyber security reasons, but will also assist when determining if suppliers are breaking any social or ethical responsibility rules.
- Know your contracts inside and out. “Make sure you have strong partnership agreements and contracts. What are the terms and conditions in your contracts? This will make it harder for suppliers to ‘do things under the cloak of darkness’.”
- Constantly evaluate your suppliers. “On a quarterly basis, you should be evaluating your suppliers and your suppliers’ performance. The more times you do that, the more you will be able to understand who your suppliers are and what they are capable of doing, where their strengths and weaknesses are.” This also means that your supplier will have reason to maintain – or improve – the products and services that they deliver to you.
*AmeriQuest Business Services surveyed 2,000 people directly involved in procurement and found:
- 20.4 percent of the companies had no procurement process in place;
- 13 percent had no idea if their company did, or did not have, a procurement process in place;
- Less than a quarter of the survey respondents indicated that procurement was viewed as a strategic business partner;
- Another 25 percent noted that procurement is simply seen as a function of accounts receivables/account payables;
- Approximately 25 percent said they order supplies on their own and then file expense reports;
- Fifteen percent of the survey respondents didn’t know which department managed their company’s procurement, even though they were directly involved in the process.
Follow @SupplyChainD on Twitter.
NTT DATA Services, Remodelling Supply Chains for Resilience
Joey Dean, the man with the coolest name ever and Managing Director in the healthcare consulting practice for NTT DATA and is focused on delivering workplace transformation and enabling the future workforce for healthcare providers. Dean also leads client innovation programs to enhance service delivery and business outcomes for clients.
The pandemic has shifted priorities and created opportunities to do things differently, and companies are now looking to build more resilient supply chains, none needed more urgently than those within the healthcare system. Dean shares with us how he feels they can get there.
A Multi-Vendor Sourcing Approach
“Healthcare systems cannot afford delays in the supply chain when there are lives at stake. Healthcare procurement teams are looking at multi-vendor sourcing strategies, stockpiling more inventory, and ways to use data and AI to have a predictive view into the future and drive greater efficiency.
“The priority should be to shore up procurement channels and re-evaluate inventory management norms, i.e. stockpiling for assurance. Health systems should take the opportunity to renegotiate with their current vendors and broaden the supplier channel. Through those efforts, work with suppliers that have greater geographic diversity and transparency around manufacturing data, process, and continuity plans,” says Dean.
But here ensues the never-ending battle of domestic vs global supply chains. As I see it, domestic sourcing limits the high-risk exposure related to offshore sourcing— Canada’s issue with importing the vaccine is a good example of that. So, of course, I had to ask, for lifesaving products, is building domestic capabilities an option that is being considered?
“Domestic supply chains are sparse or have a high dependence on overseas centres for parts and raw materials. There are measures being discussed from a legislative perspective to drive more domestic sourcing, and there will need to be a concerted effort by Western countries through a mix of investments and financial incentives,” Dean explains.
Wielding Big Tech for Better Outcomes
So, that’s a long way off. In the meantime, leveraging technology is another way to mitigate the risks that lie within global supply chains while decreasing costs and improving quality. Dean expands on the potential of blockchain and AI in the industry.
“Blockchain is particularly interesting in creating more transparency and visibility across all supply chain activities. Organisations can create a decentralised record of all transactions to track assets from production to delivery or use by end-user. This increased supply chain transparency provides more visibility to both buyers and suppliers to resolve disputes and build more trusting relationships. Another benefit is that the validation of data is more efficient to prioritise time on the delivery of goods and services to reduce cost and improve quality.
“Artificial Intelligence and Machine Learning (AI/ML) is another area where there’s incredible value in processing massive amounts of data to aggregate and normalise the data to produce proactive recommendations on actions to improve the speed and cost-efficiency of the supply chain.”
Evolving Procurement Models
From asking more of suppliers to beefing up stocks, Dean believes procurement models should be remodelled to favour resilience, mitigate risk and ensure the needs of the customer are kept in view.
“The bottom line is that healthcare systems are expecting more from their suppliers. While transactional approaches focused solely on price and transactions have been the norm, collaborative relationships, where the buyer and supplier establish mutual objectives and outcomes, drives a trusting and transparent relationship. Healthcare systems are also looking to multi-vendor strategies to mitigate risk, so it is imperative for suppliers to stand out and embrace evolving procurement models.
“Healthcare systems are looking at partners that can establish domestic centres for supplies to mitigate the risks of having ‘all of their eggs’ in overseas locations. Suppliers should look to perform a strategic evaluation review that includes a distribution network analysis and distribution footprint review to understand cost, service, flexibility, and risks. Included in that strategy should be a “voice of the customer” assessment to understand current pain points and needs of customers.”
“Healthcare supply chain leaders are re-evaluating the Just In Time (JIT) model with supplies delivered on a regular basis. The approach does not require an investment in infrastructure but leaves organisations open to risk of disruption. Having domestic centres and warehousing from suppliers gives healthcare systems the ability to have inventory on hand without having to invest in their own infrastructure. Also, in the spirit of transparency, having predictive views into inventory levels can help enable better decision making from both sides.”
But, again, I had to ask, what about the risks and associated costs that come with higher inventory levels, such as expired product if there isn’t fast enough turnover, tying up cash flow, warehousing and inventory management costs?
“In the current supply chain environment, it is advisable for buyers to carry an in-house inventory on a just-in-time basis, while suppliers take a just-in-case approach, preserving capacity for surges, retaining safety stock, and building rapid replenishment channels for restock. But the risk of expired product is very real. This could be curbed with better data intelligence and improved technology that could forecast surges and predictively automate future supply needs. In this way, ordering would be more data-driven and rationalised to align with anticipated surges. Further adoption of data and intelligence and will be crucial for modernised buying in the new normal.
These are tough tasks, so I asked Dean to speak to some of the challenges. Luckily, he’s a patient guy with a lot to say.
On managing stakeholders and ensuring alignment on priorities and objectives, Dean says, “In order for managing stakeholders to stay aligned on priorities, they’ll need more transparency and collaborative win-win business relationships in which both healthcare systems and medical device manufacturers are equally committed to each other’s success. On the healthcare side, they need to understand where parts and products are manufactured to perform more predictive data and analytics for forecasting and planning efforts. And the manufacturers should offer more data transparency which will result in better planning and forecasting to navigate the ebbs and flows and enable better decision-making by healthcare systems.
Due to the sensitive nature of the information being requested, the effort to increase visibility is typically met with a lot of reluctance and push back. Dean essentially puts the onus back on suppliers to get with the times. “Traditionally, the relationships between buyers and suppliers are transactional, based only on the transaction between the two parties: what is the supplier providing, at what cost, and for what length of time. The relationship begins and ends there. The tide is shifting, and buyers expect more from their suppliers, especially given what the pandemic exposed around the fragility of the supply chain. The suppliers that get ahead of this will not only reap the benefits of improved relationships, but they will be able to take action on insights derived from greater visibility to manage risks more effectively.”
He offers a final tip. “A first step in enabling a supply chain data exchange is to make sure partners and buyers are aware of the conditions throughout the supply chain based on real-time data to enable predictive views into delays and disruptions. With well understand data sets, both parties can respond more effectively and work together when disruptions occur.”
As for where supply chain is heading, Dean says, “Moving forward, we’ll continue to see a shift toward Robotic Process Automation (RPA), Artificial Intelligence (AI), and advanced analytics to optimise the supply chain. The pandemic, as it has done in many other industries, will accelerate the move to digital, with the benefits of improving efficiency, visibility, and error rate. AI can consume enormous amounts of data to drive real-time pattern detection and mitigate risk from global disruptive events.”