Supply chain cyber security: what are the risks and how can companies address them?

Apptricity CEO Tim Garcia helps organisations protect their supply chain and fight back against network attacks.

As the CEO of a leading supply chain management, e-procurement and financial productivity solutions company, Tim Garcia draws on real-life experiences to provide four tips for incorporating web security into companies' overall risk management strategies. Lax procedures that fail to protect critical data leave businesses vulnerable to attacks that threaten customers and damage brands.

The threat also can compromise operational processes, including supply chains. Companies can avoid pitfalls by following these simple steps:

1. Analyse the supply chain for vulnerabilities. Conduct a comprehensive analysis in which each node and component of the supply chain is thoroughly examined. "Most industry experts are well aware of this important step, but companies just need to be certain that checking for cyber risk is part of the overall security assessment," said Garcia.
   
   
2. Communicate. An extra step needs to be taken to ensure the IT department and supply chain team are part of that discussion. Surveys have shown that fragmented or one-off communication among entities is a problem. "The chief information officer, chief supply chain or procurement officer, and the chief risk officer all need to have tight communication," Garcia said.
   
   
3. Tap the government as a resource. While one company's supply chain might not be the government's top priority, its focus on infrastructure from a cyber risk perspective certainly dovetails with corporate interests. "One resource to watch is a program between the Department of Homeland Security's Office of Cyber Security & Communications and the National Institute of Standards and Technology," said Garcia. "They are developing a voluntary set of cyber security standards and best practices for critical infrastructure."
   
   
4. Don't say 'If.' Say 'When.' In the sixth annual Global Technology, Media and Telecommunications Security study from the consulting firm Bersin by Deloitte, 68 percent of companies said they understood their cyber risks. Sixty-two per cent said they had programs in place to address cyber security threats. However, 59 per cent of those companies experienced a security incident in the past year. "Companies need total organizational visibility and a plan to enact in case of cyber threats in order to recover," said Garcia. "Check to make your supply chain management software gives you that."