from Verizon reported that approximately one in five
network intrusions involves manufacturing, transportation, or utility organizations.
Another relevant point is that the Fortune 500 companies and their supply chains are not the only organizations being targeted by cybercriminals. Studies show
that more than half of data breaches occur at small
businesses. It is important to remember that any vendor
with credentialed access can expose your information
network to an attack.
TYPES OF ATTACKS
There are many ways cybercriminals can gain access
to proprietary information. Here are some of the most
common ones (see the sidebar for a more detailed list):
• Malware—Short for “malicious software,” malware
is software installed on computers, devices, or networks
without authorization and designed to damage, steal, or
take control of the systems and data it reaches, whether
or not those files are otherwise protected. Examples include spyware, worms,
viruses, and Trojan horses.
• Compromised credentials—Thieves use exposed
usernames and passwords to log in to a company’s network as if they were legitimate users. Lists of stolen credentials are typically bought and
sold on underground Internet marketplaces (loosely called the “deep” or “dark” web), where
illegal activity occurs.
• Distributed denial of service (DDoS)—A hacker or
bad actor floods a company’s systems or networks with traffic from many compromised machines at once, so that
legitimate clients or vendors cannot be served. Typically, this form
of attack does not steal or destroy data, but it can halt operations and tie up the
company resources and capacity needed to restore the
systems or programs that have been adversely impacted.
• SQL injections—The hacker or bad actor enters
specially crafted text into an application input, such as a web form or search field, so that the database treats it as part of a Structured Query Language command (SQL is the language used to query and manage information
in databases) rather than as ordinary data, with the goal of reading or altering proprietary data.
Because the malicious request arrives through a legitimate application channel, it passes through firewalls and other
perimeter defenses and reaches the corporate database directly.
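The following is an added example, not code from the original article, showing why the SQL injection described above gets past perimeter defenses: the attack travels inside an ordinary-looking request to the application. It uses a hypothetical supplier-portal lookup against a constructed in-memory SQLite table with invented supplier names and prices, and places the vulnerable query (string concatenation) beside the hardened one (a parameterized query).

```python
import sqlite3

# Constructed sample data for a hypothetical supplier portal; names and prices are invented.
SAMPLE_SUPPLIERS = [
    ("Acme Fasteners", 12.50),
    ("Borealis Logistics", 980.00),
    ("Cobalt Castings", 41.75),
]

# Text an attacker might type into the portal's "supplier name" box.
# Inside the vulnerable query it closes the string and appends a condition
# that is always true, so every row is returned.
ATTACK_INPUT = "' OR '1'='1"


def make_db():
    """Create an in-memory database holding the constructed supplier table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE suppliers (id INTEGER PRIMARY KEY, name TEXT, contract_price REAL)"
    )
    conn.executemany(
        "INSERT INTO suppliers (name, contract_price) VALUES (?, ?)", SAMPLE_SUPPLIERS
    )
    conn.commit()
    return conn


def lookup_vulnerable(conn, supplier_name):
    """Vulnerable: user input is glued into the SQL text, so it can rewrite the query."""
    sql = (
        "SELECT name, contract_price FROM suppliers WHERE name = '"
        + supplier_name
        + "'"
    )
    return conn.execute(sql).fetchall()


def lookup_safe(conn, supplier_name):
    """Hardened: the value is bound as a parameter and can never change the statement's structure."""
    sql = "SELECT name, contract_price FROM suppliers WHERE name = ?"
    return conn.execute(sql, (supplier_name,)).fetchall()


def demo():
    """Run the same inputs through both versions and report how many rows each leaks."""
    conn = make_db()
    return {
        "legit_vulnerable": len(lookup_vulnerable(conn, "Acme Fasteners")),
        "legit_safe": len(lookup_safe(conn, "Acme Fasteners")),
        "attack_vulnerable": len(lookup_vulnerable(conn, ATTACK_INPUT)),
        "attack_safe": len(lookup_safe(conn, ATTACK_INPUT)),
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label}: {rows} row(s)")
```

Nothing about the attack request looks unusual to a network firewall: it is a normal form submission to the portal. The difference is entirely in how the application builds its query, which is why the question to ask a supplier is whether their applications use parameterized queries, not whether they have a firewall.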
As a supply chain manager, you probably are not
directly involved in addressing these threats, but you
should be aware of, first, how your company’s IT department is handling them and, second, what measures
your suppliers have taken to prevent such attacks from
happening.
PROTECTING YOUR SUPPLY AND VALUE CHAINS
Information sharing is not limited to supply chain functions like transportation, distribution, logistics, warehousing, inventory management, sourcing, procurement, and order and production planning. Companies
share proprietary data across their value chain—the
whole series of activities that create and build value for
a company, including marketing, sales, and customer
service in addition to the many functional areas of the
supply chain.
Harvard Business School’s Michael E. Porter describes
the value chain in these terms:
Competitive advantage cannot be understood
by looking at a firm as a whole. It stems from
the many discrete activities a firm performs in
designing, producing, marketing, delivering, and
supporting its product. Each of these activities
can contribute to a firm’s relative cost position
and create a basis for differentiation.[5]
From this perspective, a company’s supply chain—
both upstream and downstream—can be seen not only
as a mechanism that develops and delivers products and
services from source to customer, but equally importantly, as Porter suggests, as part of a value system in
which interdependence is the fundamental tenet behind
gaining competitive advantage.
In such an integrated system, the supply chain has
access to pricing data, metrics, point-of-sale information, inventory flows, and enterprise system activity.
By incorporating these and other components into an
integrated value chain, companies expand economic
efficiencies and create competitive advantage, thereby
improving their profit margins. In other words, competitive advantage is predicated on engaging in partnerships
within and across the supply and value chain.
This type of integrated system, however, creates a
number of potential entry points for cybersecurity risks.
Examples include:
• Vendor relationships and global information
transmission
• Open access to data rather than “need to know” access
• Frequent changes in suppliers and products
• Lack of standardization of security protocols across
vendors and other partners
• Infected devices on a corporate network
• Obsolete security infrastructure or outdated hardware/software