The negative impact of supply chain partners that have experienced a data breach can continue for years. Companies should, therefore, take steps to identify and defend against such threats.
Internally, the company must monitor domains as well as credentials—the passwords, log-ins, and other IT security protocols that employees and vendors use to legitimately access company systems. This involves setting consistent standards and methodologies for obtaining, using, and updating credentials, so that hackers cannot utilize gaps or lapses in usage to infiltrate company systems. Companies also must be aware of any risks associated with external partners. From a supply chain perspective, effective vendor management can set the foundation for a more nimble and proactive cybersecurity approach.
Vendor security begins with two fundamental pieces of knowledge. The first is which firms comprise your company’s supply chain. Identifying all partners, affiliates, and network participants is critical, as a firm is only as strong as its weakest link. The second is the degree to which your company is reliant on each of its product and service partners. Your company’s security is dependent on identifying the extent of that reliance, particularly relative to the size and scope of the business operations. A security breach at a supplier that plays an integral role in, for example, product design would be a much greater threat than a security breach at a supplier with which a company has a simple, transactional relationship.
Different types of supply chains will have different levels of risk of cyberattack. A vertically integrated company with operations both upstream and down will have a greater risk profile, because of the multiple stages of production and distribution across its supply chain. However, horizontally integrated businesses with a focus on only one aspect of the supply chain are not immune from risk. An operation that is solely manufacturing-based, for instance, may be at risk through multiple
SOME SECURITY TERMS YOU SHOULD KNOW

As security concerns multiply across the data entry and exit points along the supply and value chain, supply chain managers need to be aware of potential threats. Here are some terms that may come up when discussing this issue with your information technology colleagues:
Bad actor—A malicious hacker; someone who uses technology to damage a company’s business or steal information.

Cybersecurity—Measures taken to protect a computer, computer system, and/or data against unauthorized access or attack.

Compromised credentials—Usernames and passwords that have been exposed to unauthorized use.

Dark Web—Private sites that are not meant for the public to search. Examples include abandoned websites, research firm databases, and government databases.

Deep/Underground Web—Where the Internet’s illegal activity, like buying and selling personal information, occurs.

Distributed denial of service (DDoS)—An attack that involves the disruption of systems or networks to deny service to clients or vendors.

Malware—Short for “malicious software”; software that is embedded on computers, electronic devices, or networks, and which can cause significant damage to both protected and unprotected files. Examples include spyware, worms, viruses, and Trojan horses.

Surface Web—The Internet where the everyday user conducts searches. Google only indexes a small fraction of the Internet. Examples of sites on the surface Web include Google, Facebook, Amazon, and eBay.

SQL injections—The insertion of malicious code into Structured Query Language (a programming language designed for managing information in databases), allowing hackers to access corporate databases, bypassing firewalls and other security measures.

Underground/Deep Internet—Where thieves go to buy and sell personal information.

Data breaches and security incidents increasingly put not just individual companies but also entire supply chains at risk.
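The sidebar's SQL injection entry describes the effect (hackers reaching corporate databases past other controls) but not the code defect that causes it. The following is an added example, not from the article, that shows the defect and its fix side by side: a supplier lookup that builds its query by string concatenation, beside the same lookup using a bound parameter, both run against a constructed in-memory SQLite table. The table, the supplier rows, and the function names are all invented for the example.

```python
"""Vulnerable versus parameterized database lookup.

Added example, not from the article. Uses Python's built-in sqlite3 module
and a constructed in-memory supplier table with invented sample rows.
"""
import sqlite3


def build_db():
    """Create a constructed in-memory supplier table (sample data, not real)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE suppliers (name TEXT, contact_email TEXT, tier TEXT)")
    conn.executemany(
        "INSERT INTO suppliers VALUES (?, ?, ?)",
        [
            ("Acme Logistics", "ops@acme.example", "critical"),
            ("Widget Works", "sales@widgets.example", "transactional"),
            ("Northwind Parts", "parts@northwind.example", "critical"),
        ],
    )
    return conn


def lookup_vulnerable(conn, name):
    """The defect: the caller's input is pasted into the SQL text, so any quote
    characters in it become SQL syntax rather than part of a name."""
    query = "SELECT name, contact_email FROM suppliers WHERE name = '" + name + "'"
    return conn.execute(query).fetchall()


def lookup_safe(conn, name):
    """The fix: a bound parameter. The driver passes the value separately from
    the SQL text, so it is only ever compared as data, never parsed as SQL."""
    query = "SELECT name, contact_email FROM suppliers WHERE name = ?"
    return conn.execute(query, (name,)).fetchall()


# A constructed input containing a quote and an always-true condition. In the
# concatenated query it rewrites the WHERE clause; in the parameterized query
# it is just a supplier name that matches nothing.
TAUTOLOGY_INPUT = "x' OR '1'='1"


def demo():
    """Run both lookups with a normal name and with the constructed input."""
    conn = build_db()
    return {
        "normal_vulnerable": lookup_vulnerable(conn, "Acme Logistics"),
        "normal_safe": lookup_safe(conn, "Acme Logistics"),
        "tautology_vulnerable": lookup_vulnerable(conn, TAUTOLOGY_INPUT),
        "tautology_safe": lookup_safe(conn, TAUTOLOGY_INPUT),
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label}: {len(rows)} row(s) -> {rows}")
```

With a normal name both functions return the single matching row. With the constructed input the concatenated query returns every row in the table, which is the behaviour the sidebar describes, while the parameterized query returns nothing. This is why code review and static analysis for supply-chain-facing portals look specifically for query text assembled from request data; parameterized statements (or an ORM that uses them) are the fix, and a firewall in front of the application does not see the difference.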