Tim Bandos, vice-president of cybersecurity, Digital Guardian, has provided an insight into how companies can best mitigate their supply chain risk
Bandos said companies across the globe, including in the Middle East, face the challenge of balancing strict data privacy rules, such as PCI-DSS and GDPR, with the growing need to leverage customer data.
With yet more regulations looming on the horizon, companies are under pressure to keep up with the latest legislation, guidelines and best practices to maintain compliance.
In addition to these pressing demands, finding better ways to mitigate supply chain risk is a further top priority. He added that this includes everything from applying rigorous cybersecurity technologies, processes, and supply chain management strategies, to implementing a framework to assess and monitor supplier integrity.
With supply chains becoming more complex, the consequential risk exposure for businesses is growing. And while the rise of third-party outsourcing has enabled corporations to innovate and boost efficiencies, with regulatory scrutiny tightening—and financial penalties in the face of compliance violations growing—taking steps to minimise risk, protect the smooth-running of operations, and assure customer confidence, is a vital yet tricky path to navigate.
Taking a holistic approach to data security is a must—and there are a number of steps organisations can take to mitigate their supply chain risk.
Know who you’re doing business with
Better due diligence on third-party relationships will improve transparency within the supply chain. But for many corporations, conducting this due diligence efficiently and effectively is a challenge when dealing with thousands of third parties and vendors.
Deploying efficient and automated screening and using machine learning algorithms to speed up this process, can reduce the cost and time frame of conducting due diligence on suppliers. Similarly, ongoing monitoring programmes can automatically flag if a supplier is connected to criminal activity or Politically Exposed Persons (PEPs) who pose a greater risk of corruption and bribery.
Address IT and cyber risks
A belt and braces approach should incorporate a vulnerability assessment and ongoing monitoring of the network and all connected devices, alongside the organisation’s websites, apps and firewall configurations.
Having remediated any gaps in IT security, the next step is to focus on updating processes to prevent these from reappearing, ensuring that the IT practices implemented are in line with industry standards to reduce the chance of unintentionally opening the enterprise to new risks.
Security awareness training for the workforce is the final vital step, ensuring that staffs are able to identify and avoid cyber threats like phishing, malware and scams. Utilising security tools to scan emails, manage communications and quarantine any malicious threats that make it through the enterprise’s security perimeter should also be in place.
Many organisations are eliminating the risks posed by the vulnerabilities of the traditional browser by disconnecting it from local IT and moving it to the cloud to create an additional layer of security.
Finally, when it comes to the transfer of personal or sensitive data between a supplier and vendor, compliance tools can help find data leaks before hackers do.
Understand supply chain dependencies
Modelling and analysing the supply chain—including identifying the operational impact of a critical supplier’s facility being out of commission—will help uncover any hidden or overlooked areas of high risk, revealing the dependencies and bottlenecks that will need to be addressed to minimise any potential disruption.
Automated risk assessment and advanced risk modelling can deliver the insights companies need to ensure they can quickly halt the use of unsafe suppliers or define operational risk management strategies.
This may lead to the further diversification of suppliers, or the signing-up of alternate suppliers who are poised to step in and replace parts of the supply chain in the event of a disruption.
Take an integrated approach to supply chain risk
Many organisations lack an integrated approach to managing the end-to-end delivery of products or services to customers that involves back office, middle office, risk management, business developers, finance and IT. As a result, they lack a clear picture of risk across the entire supply chain.
With each department working in silos and using their own methods and technologies to assess risk relating to their individual areas of work, it’s easy to miss the bigger risk picture until something goes wrong. At which point the available mitigation options are limited and can be very costly to implement.
Instead, organisations should take a more integrated approach and consider the impact of potential failure at any point along the supply chain—such as a data centre outage as well as evaluating how different business units collaborate to deliver on broader organisational goals.
Conclusion
The technology solutions can help organisations minimise risk in their supply chains, making it easier to automate workflows, compress the time needed for data mining and aggregation, and monitor large third-party data ecosystems. Similarly, utilising AI and integrated risk analytics can make it easier to identify and assess supplier related threats—including cybersecurity breaches, money laundering, insolvency, data mishandling and regulatory noncompliance—so that organisations can act promptly to manage or remove the risk source.