The cyber world is full of dangers for companies of all sizes, with ever growing threats, relentless attacks, and continuously rising costs to try keep the bad guys out.
Supply Chain Digest Says... |
 |
| Key to reducing risk from suppliers is mapping and modeling the extended supply chain, they say. |
 |
What do you say? |
| Click here to send us your comments |
 |
| Click here to see reader feedback |
|
|
It's about all companies can do to keep their own enterprises safe, with the risks to operations and/or brand image from a cybersecurity incident at extremely high levels.
But despite all that, and in the end with cybersecurity budgets having their limits for any company, are corporations adding to their risk by not paying enough attention to the vulnerabilities their supply base poses in terms of cyber-attacks?
At a high level, those risks are of two types:
1. Suppliers may have sensitive data, such as demand forecasts, information about their own suppliers, bill of materials details and more that could be damaging to the buying company if stolen in a cyber-attack.
2. A cyber-attack could also shut a key supplier down, potentially causing a disruption in the buying company's supply chain or operations.
Companies need to take actions to reduce both risks for their suppliers, experts say.
Writing a recent guest column in the Wall Street Journal, Daniel Pellathy of Grand Valley State University and Ted Stank of the University of Tennessee commented on the first risk, noting that "Supply chain partners can remain exposed, offering backdoor access to a wealth of customer and product information."
The pair say that managing these cyber vulnerabilities requires that companies collaborate with key suppliers in such areas as jointly assessing risks in the supply chain and coordinating investments in safeguards.
"Without collaboration, companies may fail to fully consider partner capabilities and incentives in investments and so may misallocate resources," Pellathy and Stank say, adding that substantial investment in securing customer data at company can easily be undermined by a data breech at supplier with access to the same data but with weak financial incentives to invest in cybersecurity.
In fact, "Companies need to start thinking about cybersecurity as a supply chain problem," Pellathy and Stank argue.
(See More Below)
|
CATEGORY SPONSOR: SOFTEON |
|
|
| |
|
|
 Key to reducing risk from suppliers is mapping and modeling the extended supply chain, they say.
Mapping the supply chain provides insight into how critical nodes in a network, both physical and digital, may depend on various suppliers. With that foundation, modeling tools can then be used to assess probabilities and expected losses from attacks or breeches a company and supplier nodes.
"Combining mapping and modeling can help companies to ensure that resources are appropriately allocated to the most vulnerable and most valuable points in a supply chain," Pellathy and Stank argue.
In the end, "Corporations need to look at cybersecurity itself as an extended supply chain," Pellathy and Stank conclude.
Do companies fail to adequately consider supplier risk in cybersecurity? Let us know your thoughts at the Feedback section below.
Your Comments/Feedback
|
