How to identify and manage cyber security risks in your supply chain
Cyber security is a fact of life for businesses. A
Date: 05 May 2020 | Time to read: 4 mins
Guest blog written by Ruby Pope, Head of Marketing and Strategy, Darkbeam
Although safeguarding employee health and streamlining costs have been the top priorities for many enterprises during this period, there is one area that is still being overlooked: cyber security.
As many of us continue to work from home under social distancing guidelines, a growing number of criminals are launching opportunistic attacks that exploit the security weaknesses of the home office and our current distraction as the pandemic unfolds. If you are a procurement professional in a large enterprise and regularly access sensitive financial data, your IT team has likely ensured that your devices and software follow the security standards needed to keep the wider business safe, even when you work at home. Unfortunately, this is not always true for the suppliers we work with, whether they’re SMEs or a larger vendor that does not see itself as a cyber crime target. So how should you proactively engage your suppliers to keep them secure against cyber threats?
If you’re going to help your suppliers become more cyber aware, it’s essential to understand why they’re vulnerable in the first place so you can communicate the urgency of improving security standards.
As more and more of our supply chain goes online, the last few years have seen bad actors take advantage of vulnerabilities in these digital connections to steal data, deploy ransomware and carry out payment fraud. After all, it’s much more efficient for the attacker to exploit the connections in a supply chain to rapidly infiltrate multiple organisations than it is to solely focus on one target network.
Cyber attacks via the supply chain are now an issue that affects every industry in every nation. In 2017, Equifax saw personal information (including social security numbers and home addresses) stolen via an employee background screening vendor that had not been properly monitored. And despite suffering a record-breaking data breach in 2018, Marriott suffered another successful cyber attack early in 2020, this time via a small franchised hotel in Russia. This method of cyber attack is here to stay. So how can you protect your supply chain?
If you’re at an early stage of maturity when it comes to monitoring cyber threats in your supply chain, it is helpful to start by identifying your highest risk suppliers and prioritising engagement with them to improve security standards. At Darkbeam we work with Achilles clients to rapidly risk assess the digital vulnerabilities of their supply chain and help them to drill down on the suppliers who are struggling to align with their risk appetite and cyber security best practice. This enables procurement teams to immediately engage with vendors at a high risk of a cyber attack in the next few months and remove cyber threats before business as usual can be impacted.
Unless they’re a technology vendor, many suppliers may not have the resources or the expertise to be aware of their cyber vulnerabilities. This is particularly true for SME suppliers, even as they increasingly trade and communicate using digital tools. To engage with suppliers productively, it’s helpful to provide a benchmark so they can understand how their security standards compare to their peers and competitors. It’s also essential to clearly outline which cyber threats are most important to your organisation so they can put the right processes in place.
At Darkbeam, we’ve seen the greatest success when procurement teams share metrics and risk areas to monitor with their vendors, aligned to the board-level priorities of their organisation. This might be data protection in heavily regulated sectors, or secure online transactions in public-facing industries.
As we all try to maintain business as usual in this time of uncertainty, Achilles often reminds us all that ‘insight beats hindsight’ and at Darkbeam we couldn’t agree more. That’s why we’re partnering with Achilles to help procurement teams identify and visualise their critical cyber threats in real time, so they can work with suppliers to mitigate risk before a successful cyber attack can be launched.