
Category: Procurement and Sourcing

Supply Chain News: When Building Cybersecurity Strategies, Don't Forget Suppliers


Suppliers Pose Major Risks, but are Rarely Well Considered in Cybersecurity Plans and Investment

July 15, 2020
SCDigest Editorial Staff

The cyber world is full of dangers for companies of all sizes, with ever-growing threats, relentless attacks, and continuously rising costs to try to keep the bad guys out.


It's about all companies can do to keep their own enterprises safe, with the risks to operations and/or brand image from a cybersecurity incident at extremely high levels.

But despite all that, and in the end with cybersecurity budgets having their limits for any company, are corporations adding to their risk by not paying enough attention to the vulnerabilities their supply base poses in terms of cyber-attacks?

At a high level, those risks are of two types:

1. Suppliers may have sensitive data, such as demand forecasts, information about their own suppliers, bill of materials details and more that could be damaging to the buying company if stolen in a cyber-attack.

2. A cyber-attack could also shut a key supplier down, potentially causing a disruption in the buying company's supply chain or operations.

Companies need to take actions to reduce both risks for their suppliers, experts say.

Writing a recent guest column in the Wall Street Journal, Daniel Pellathy of Grand Valley State University and Ted Stank of the University of Tennessee commented on the first risk, noting that "Supply chain partners can remain exposed, offering backdoor access to a wealth of customer and product information."

The pair say that managing these cyber vulnerabilities requires that companies collaborate with key suppliers in such areas as jointly assessing risks in the supply chain and coordinating investments in safeguards.

"Without collaboration, companies may fail to fully consider partner capabilities and incentives in investments and so may misallocate resources," Pellathy and Stank say, adding that substantial investment in securing customer data at a company can easily be undermined by a data breach at a supplier with access to the same data but with weak financial incentives to invest in cybersecurity.

In fact, "Companies need to start thinking about cybersecurity as a supply chain problem," Pellathy and Stank argue.




Key to reducing risk from suppliers is mapping and modeling the extended supply chain, they say.

Mapping the supply chain provides insight into how critical nodes in a network, both physical and digital, may depend on various suppliers. With that foundation, modeling tools can then be used to assess probabilities and expected losses from attacks or breaches at company and supplier nodes.

"Combining mapping and modeling can help companies to ensure that resources are appropriately allocated to the most vulnerable and most valuable points in a supply chain," Pellathy and Stank argue.

In the end, "Corporations need to look at cybersecurity itself as an extended supply chain," Pellathy and Stank conclude.

Do companies fail to adequately consider supplier risk in cybersecurity? Let us know your thoughts at the Feedback section below.

