
Don’t Overlook Supply Chain Security In Your 2023 Security Plan
- by Tech Today News
- Posted on January 1, 2023
Supply chain security concerns continue to grow. Does your company have a risk management strategy in place that addresses the possibility of a major supplier security failure?

With cybercrime on the rise, many companies fall victim to viruses and malware that are passed to them by vendors and business partners. Until now, there hasn’t been a clear-cut strategy that addresses this. But now there are new third-party risk assessment strategies, services and tools that can help identify security “weak points” in your company’s supply chain. Is now the time to invest in them?

Why supply chain vendors pose security risks

In 2021, BlueVoyant, a cybersecurity provider, reported that 98% of organizations it had surveyed said they had been impacted by a supply chain security breach. And in 2022, in a global study of 1,000 chief information officers, 82% of respondents said their organizations were vulnerable to cyberattacks that targeted their supply chains.

There are many reasons for these statistics and concerns. The most prominent are:

Step up your policies for increased supply chain security

What risk management steps can you proactively take to minimize supplier security breaches?

To safely secure your supply chain, you should start with a supplier audit. Who are your riskiest suppliers? Do they provide mission-critical components that your company would be hard-pressed to replace if their businesses failed or were disrupted?

Place security in supplier RFPs

Corporate departments, like purchasing, that issue RFPs to suppliers focus on types, quality and delivery timeframes of the components they order. Security might not get written into RFPs at all — and it’s time to change that thinking.

Companies should insist on including security as a condition of doing business with their suppliers. If there is a unique, mission-critical supplier that doesn’t have the resources to meet security requirements, a plan should be developed where the company can assist this supplier in becoming security-compliant.

These companies also annually audit suppliers for security to assure improvements are being made.

Elevate supply chain risk management awareness in your organization

IT is continually involved with security, so there can be a tendency to think other C-level executives, including the CEO, also share that same security consciousness. That isn’t always the case.

The CIO should make it a point to visit with other members of executive management as well as the board. The goal is to ensure everyone is fully on board with a robust security implementation and the necessary financial investment needed to support and maintain it. On an annual basis, a “State of the State” presentation about corporate security and risk management should be delivered to the board and C-level management.

Implement supply chain security tools

In addition to providing education to providers, departments, and leaders, IT can also use software to improve the security of the supply chain.

Software frameworks for vendor assessment

Commercial software is available that provides security questionnaire templates you can customize as you formulate your own security questionnaires for suppliers. Input from these questionnaires enables you to identify your most at-risk security suppliers.

Digital twin supply chain simulations

Supply chain digital twin software enables you to digitally model your entire supply chain, so you can simulate different supply chain risk scenarios.

Artificial intelligence (AI)

Companies use AI to plan supply chain routes and to predict adverse weather, natural disaster and even political issues, so they can develop contingencies for these potential disruptors. The good news is that there are a number of commercial supply chain risk management systems that do this, so you don’t have to develop supply chain risk AI from scratch.