How to avoid supply chain hacking
Do you know exactly what your business is spending money on? It might seem like a strange question, but according to an AmeriQuest Business Services survey*, an alarming amount of companies cannot answer it.
They have no purchasing strategy in place, or if they do, they don’t have a strict policy that ensures personnel are sticking to it. This leads to what Reggie Peterson, Director of Indirect Supply Programs at AmeriQuest, calls ‘dark purchasing’, where there is no real accountability for what employees are buying, which can put corporations at risk of supply chain hacking, as vendors are not going through an approval process.
Although linked to dark purchasing, hacking is a serious issue also caused by other weak points in the supply chain. Data breaches can be a major problem for corporations, as retail giant Target found out back in 2014 when details of over 70 million customers were hacked.
And how did the hackers get access to this data? Via the supply chain, as Peterson explains: “The hackers got through from a small third-party vendor, an HVAC service – that is how they gained access to Target’s network.” It is thought that the vast majority of data breaches originate from the supply chain as hackers look for the weakest link. When you consider that large companies could have thousands of different suppliers of products and services, it is easy to see that just one of these not following the correct supply chain security processes could open up the entire company to a hack.
A lot of the information going across the supply chain is digital – and increasingly stored in the cloud, which may mean it is more vulnerable to cyber attack than it has been previously. Peterson says: “There is an opportunity at any given time that hackers can breach any of those supplier connections and gather very sensitive information to gain a competitive advantage. And there is also the problem of hacking just for the sake of sport.”
So what can businesses do to avoid this happening? Although cyber attacks are evolving every day making them virtually impossible to completely eliminate, there are things you can do to reduce the chance of your company falling victim to hackers. Here is Peterson’s advice on four simple ways to make it harder for hackers to infiltrate your supply chain.
- Identify and understand exactly who your suppliers and partners are. As Peterson says, “Do basic research on who your suppliers are and if they are going to have a critical role within the supply chain, then you need to do a higher level of research regarding cyber security.” Every company needs to understand their partners’ cyber security risk, as well as their own.
- Use approved vendors. “Every company should have a supplier approval process – some type of methodology or protocols in place to vet each supplier that they are working with,” says Peterson. This is necessary not just for cyber security reasons, but will also assist when determining if suppliers are breaking any social or ethical responsibility rules.
- Know your contracts inside and out. “Make sure you have strong partnership agreements and contracts. What are the terms and conditions in your contracts? This will make it harder for suppliers to ‘do things under the cloak of darkness’.”
- Constantly evaluate your suppliers. “On a quarterly basis, you should be evaluating your suppliers and your suppliers’ performance. The more times you do that, the more you will be able to understand who your suppliers are and what they are capable of doing, where their strengths and weaknesses are.” This also means that your supplier will have reason to maintain – or improve – the products and services that they deliver to you.
*AmeriQuest Business Services surveyed 2,000 people directly involved in procurement and found:
- 20.4 percent of the companies had no procurement process in place;
- 13 percent had no idea if their company did, or did not have, a procurement process in place;
- Less than a quarter of the survey respondents indicated that procurement was viewed as a strategic business partner;
- Another 25 percent noted that procurement is simply seen as a function of accounts receivables/account payables;
- Approximately 25 percent said they order supplies on their own and then file expense reports;
- Fifteen percent of the survey respondents didn’t know which department managed their company’s procurement, even though they were directly involved in the process.
Follow @SupplyChainD on Twitter.