Wandile Mcanyana | Security Lead | Accenture Africa
In recent years, to meet customer and market expectations, supply chains have been reconfigured for agility, transparency and speed.
Consumers want new and better products faster than ever. They demand unprecedented real-time visibility into supply chains, whether to validate a product’s authenticity or sustainability credentials, or simply understand exactly when it will be delivered.
Securing the supply chain
To meet these elevated needs, enterprises have expanded their supply chains, made them more flexible, and integrated their suppliers more closely. The result: enterprise supply chain networks have many more nodes to consider, and the cybersecurity attack surface now extends far beyond the four walls of the enterprise.
Our Cyber Threat Intelligence’s 2019 Report identifies five key factors that are influencing this dynamic security landscape:
- Compromising geopolitics – Cyberthreat actors are taking advantage of geopolitical crises to launch phishing lures, malware targeting, and disinformation campaigns.
- Cybercriminals adapt, hustle, and diversify – Conventional cybercrime and financially motivated attacks will continue to pose a significant threat, but criminal networks are growing in maturity and resilience.
- Expanding motives for ransomware – The rationale for ransomware attacks on corporations is increasingly more than just financial. Ideological and political factors are also in play.
- Improved ecosystem hygiene is pushing threats up the supply chain – As enterprises improve their own security, malicious actors are turning their attention to their suppliers.
- Vulnerabilities in cloud infrastructure demand costly solutions – The multiple side-channel vulnerabilities recently discovered in modern CPUs are a significant risk for organisations running their compute infrastructure in the public cloud. Adversaries can use these vulnerabilities to read sensitive data from other hosts on the same physical server.
To manage these growing threats, organisations need to embed security principles all the way across the supply chain network. That includes making cybersecurity a priority not just within the enterprise, but also with all connected partner organisations. It also includes developing traceability solutions for improved visibility across the network. These should be central considerations in the design of any intelligent supply chain.
The result will be a more secure enterprise and a more secure supply chain. There is also potential to improve brand perception if a business can provide assurance to its customers about the security of products across its entire supply network, and a negative perception to consider if it can’t. This is likely to be an increasingly salient factor in purchasing decisions as awareness of the security risks increases.
We are helping a global food company improve its supply chain transparency and build more trust with consumers in the process.
Embedding security across the supply chain
With a central database collecting and checking valid product serial numbers, a blockchain platform integrating logistics events on the downstream supply chain, plus unique QR codes printed on packaging, the company is able to offer customers a new level of assurance about product authenticity.
Customers simply scan the code to reach a dedicated website where they can check authenticity and get some insights into a product’s route through the supply chain. This website can also act as a means of alerting customers in the case of product quality issues.
Creating a ‘centre of gravity’ with a dedicated program office
A key challenge for many enterprises is the complex, multifaceted, often fragmented nature of supply chain security. By creating a single coordinating program office for supply chain security, organisations can help overcome these difficulties.
Getting visibility into the whole supply chain
Look to improve the organisation’s visibility of all nodes in the supply chain, including their security posture.
The program office should be the place to do this, creating a central team able to coordinate all the interested enterprise functions and bring together all relevant data for a more comprehensive analysis.
Understanding the threats and weaknesses holistically
Effective supply chain security must be holistic in nature. By centralising the data and analysis in the program office, the enterprise is better able to put all the pieces together and see threats developing that were previously hidden in fragmented data. It can also help identify security gaps, weak points and vulnerabilities far more effectively.
Creating a toolbox of solutions and using it
Build a toolbox of security solutions to cover potential supply chain vulnerabilities. For most enterprises, this should comprise some combination of asset management, security monitoring, legal contract review and management, vendor/supplier security posture assessment, and authentication for system access.
Remember that these tools are only effective if they are applied with the right approach, the right data correlation, and the right target products and services.
Maintaining and monitoring
Resist the temptation to think that reaching a level of compliance and security means the hard work is done.
Enterprises must establish the capabilities and commit the resources needed to sustain that security posture over time, remembering that both the threats and the organisation’s attack surface are constantly evolving.
The effect of new M&A, new operating models and other changes – within the enterprise itself and within suppliers – must be continuously analysed and accounted for.
Thinking holistically about supply chain security
In today’s hyper-connected world, and especially given the increased fluidity needed to manage the COVID-19 pandemic, the number of points of security vulnerability for connected enterprises is increasing exponentially.
An enterprise is only as secure as the weakest point in its supply chain network. Leaders must now look to expand their security strategies and processes, working with their suppliers to increase visibility, understand the threats and their potential applicability and impact on their organisation, and develop a range of flexible tools and best practices to mitigate the risks.