It’s a well-established fact of daily procurement work that cost reduction remains a core function. But a cybersecurity expert warns that the cost of reputational damage and business disruption resulting from security vulnerabilities in supply chains could be fatal unless professionals concerned with supply relationship management implement robust protective measures.
Writing for the Procurement Leaders blog, Azeem Aleem, an authority on cybersecurity solutions, emphasises that today’s cybercriminals are well aware that a company’s suppliers hold sensitive client data, offering them potentially massive returns on their nefarious endeavours. In 2016, he notes, three Chinese nationals were charged with security offences after making a cool $4m through insider trading using data stolen from a US legal firm.
Companies specialising in business services, Aleem notes, are increasingly exploited by cyber crooks to open unauthorised routes into the corporate networks of high-value clients and their sensitive data caches. Such breaches, he observes, often “have devastating effects on both supplier and partner, leading to reputational damage and financial loss.” Aleem acknowledges that, while no firm can become 100% breach-proof, all can mitigate risks with a series of essential actions. Procurement pros in collaboration with IT colleagues should, he recommends, conduct thorough data classification and mapping exercises, so that it’s clear not only what data is held, but also how it moves through the supply chain. This can identify vulnerability points.
Also, suppliers handling high-risk data should have regular audits to ensure their cybersecurity conduct matches the end clients’. Aleem adds: “Multifactor authentication, least privilege access controls, and multi-layered threat defences at the network, physical and cloud server, endpoint and gateway levels should all be considered alongside regular vulnerability testing and patch management and security awareness programmes. This should extend to any temporary or contracting staff.” Enlisting third-party cybersecurity experts, Aleem concludes, can help prevent reputational and financial catastrophe. Prevention is better than cure, especially if the cure is posthumous.