By Christine Parizo
Cybersecurity is top of mind for many supply chain management executives. A Willis Towers Watson survey of 350 senior executives in the air, sea, rail and road transportation industries found that, at sea and on land, cyber threats and data privacy topped their list of concerns.1 Part of that stems from increased use of technology, from automation to the Internet of Things, which leaves openings for attackers to cause disruptions from anywhere in the world.2
The cost to recover from these breaches can be large, not just in terms of securing the compromised system but in lost sales, damage to the company’s reputation and fines from regulatory bodies should the company be found not in compliance with standards. For example, a U.S. home improvement retailer paid $19.5 million in 2016 to compensate 40 million customers whose credit card information was stolen in a prior cyber breach, as well as an estimated $43 million in expenses related to the breach.3
Part of the problem lies with third-party vendors that many companies use for supply chain management and its many facets, like logistics. The cybersecurity breach mentioned above happened through a third-party vendor through which hackers gained access to the retailer’s network. They proceeded to install malware on the company’s system to continue collecting information.4
One recommendation from experts is that supply chain managers thoroughly evaluate all third-party vendors to ensure their cybersecurity measures meet the managers’ own standards.5 It is important to identify every partner that has access to the company’s systems and assess the measures they use to protect data. Executive management can require standardized protocols for logins, passwords, badges and encryption for all vendors used by the company. Experts also recommend ongoing audits and monitoring to detect and prevent breaches.6
While threats in the virtual world may be top of mind for supply chain management, physical threats from theft, including piracy, also jeopardizes the supply chain. Cargo shipping, particularly by sea, may seem more secure; losses have declined by 45 percent from 2006 to 2015 thanks to more safety and self-regulation.7 But pirate attacks haven’t declined, and attacks in Southeast Asia have actually risen to make up 60 percent of all incidents.8
Cargo theft incidents are on the rise, occurring almost four times more frequently in 2015 than just four years prior, requiring supply chain management to include vetting at every point. According to Security magazine, background checks for drivers, employee training, physical security measures, understanding global regulations and video surveillance of docks, warehouses and gate areas can help mitigate against losses, particularly in pharmaceuticals and electronics, where the thefts are the costliest.9
Remote monitoring and video surveillance can be particularly helpful in preventing thefts. For example, United Iron and Metal installed cameras and remote monitoring to create a virtual border around its facility in Baltimore, Maryland, and the technology has cut security costs while providing specific information to help track down intruders.10
Uniphar Group took it a step further, doubling the number of cameras in its warehouses to fully track the order process, from creation to picking and packing. This not only improved security but also increased efficiency and allowed Uniphar to refine its processes.11
Experts recommend maintaining visibility throughout the supply chain, using real-time cargo location information and creating a chain-of-custody protocol to satisfy regulatory and other compliance concerns. Supply chain managers also are advised to include risk mitigation procedures that monitor criminal activity and engage with law enforcement to assist with recovery of stolen goods.12
The supply chain faces many physical and cyber risks. To mitigate those risks, supply chain management may wish to include thorough vetting of third-party vendors, as well as employees. Companies may also wish to use technology to track and monitor their supply chains – which may create the added bonus of helping to uncover potential efficiencies.
1. "Transportation Risk Index 2016: Navigating risk in the transportation sector,", Willis Towers Watson; https://www.willistowerswatson.com/en/insights/2016/09/transportation-risk-index-2016
3. "Home Depot Agrees To $19.5 Million Settlement To End 2014 Breach Nightmare", ThreatPost; https://threatpost.com/home-depot-agrees-to-19-5-million-settlement-to-end-2014-breach-nightmare/116884/
4. "Is your supply chain safe from cyberattacks?", Supply Chain Quarterly; http://www.supplychainquarterly.com/topics/Technology/20150622-is-your-supply-chain-safe-from-cyberattacks/
7. "Long-term decline in shipping losses continues but economic pressures, cyber risk and superstorms challenge safety progress", Allianz; http://www.agcs.allianz.com/about-us/news/safety-and-shipping-review-2016-press/
9. "Hardening the Supply Chain", Security; April 2016 edition.
10. "Securing Supply Chains One Link at a Time", Security; http://www.securitymagazine.com/articles/86204
12. "Hardening the Supply Chain", Security; April 2016 edition.