February 2019 | Commentary | Supply Chain Security

The ABCs of Supply Chain Cybersecurity

Tags: Supply Chain Management, Security, Supply Chain

Supply chain cybersecurity is one of the biggest issues facing logistics planners.

Matan Or-El, Co-Founder and CEO, Panorays, 929-356-2004

Supply chain cybersecurity is one of the biggest issues facing logistics planners. In fact, 80 percent of all cyberattacks take place in the supply chain, according to the SANS Institute.

As cybercriminals leverage techniques to hack a part of the supply chain that can then be used across an entire industry, here are the ABCs of fighting back.

A is for automation. It is key to protecting your supply chain.

B is for being aware. More third parties are being added to the supply chain while new data privacy regulations take effect. At the same time, cybercriminals are dynamically changing their tactics to stay ahead of the latest technologies—and they are succeeding at an alarming rate.

Many attacks are difficult to detect; as a result, companies are often unaware that they are being breached. Fifty-nine percent of companies experienced a third-party data breach, yet only 16 percent say they effectively mitigate third-party risks, indicates a Ponemon Institute survey. And the average number of third parties that companies employ grew from 378 in 2016, to 471 in 2017, to 588 in 2018.

C is for checking the chain. To avoid breaches, companies must manage their third-party security. Checking the chain seems daunting, but you can't sidestep it or accomplish it through one vetting process. Companies that employ vendors and suffer data breaches can face stiff penalties for not complying with data privacy regulations, along with damage to their reputations.

The only way to effectively review today's large and complex supply chain is to automate the processes. It's no longer practical for companies to take months filling out a paper questionnaire and having it reviewed. Because cyber posture constantly changes, most paper surveys are obsolete before they even hit the desk. Automating these processes means that companies can vet third-party vendors in days and not months and can continuously monitor them for changes.

Security inquiries can check for compliance with key regulations. Automation also offers a way to define relationships along with access to only the data that is necessary for collaborating. Identifying the riskiest vendors is the key to defining a well-prioritized mitigation roadmap.

D is for defendable cyber postures. Automated continuous monitoring alerts teams to any change in a company's or vendor's cyber posture. Companies can act on that information immediately. Latest technologies allow companies to have an ongoing conversation with their vendors to remediate any security holes and to be aware of any changes.

Companies should ensure that all vendors are aware of and comply with corporate best practices and legal policies. Spelling out liabilities and consequences to vendors ensures that everyone follows the same game rules.

Automation opens up meaningful collaboration with vendors and defends against compliance violations. It saves money and reputation, expedites vendor approvals, and keeps the supply chain secure.