Cybersecurity and Supply Chain

2024 brings more of the same for business, increased volatility, risk, disruption and now more than ever, cyberattacks. With this we find a growing concern around cybersecurity.

This week, I received another letter from one of my insurance carriers informing me of their data "event", a.k.a. breach from the MOVEit hack. The insurance firm reported my personal data including my health records and more was exposed. And in that letter they offered the typical 1 year of free service for identity theft protection. What they also said is that the breach took place 6 months ago! The horses are already out of the barn and well down the road to the wild west! The impact to me personally is probably low but for most businesses, it's anything but low risk. What if your business cannot function or fill orders for 90 days?

If your business is not placing a high priority on protecting your business, and your supply chain(s), you are asking for big trouble. 60% of small businesses suffering a cyberattack will not survive. If that is you, your time is short. It's not an "IF" question, but a "WHEN" question. If that is one of your suppliers, your bottom line and customer service performance, not to mention reputation will suffer in a large way.

Alllowing this to be a passive activity is too little too late. And insurance is probably the last resort when else fails, never effective and not preventive. It is critical to have a PROACTIVE approach on this, simply from a comprehensive risk management position but also from a productivity and cost management plan. In Supply Chain Management, we hate surprises. And yet, too often we tend to leave risk management in a passive role. The game is quickly changing.

For the recent years, everyone has assumed that only the biggest players would be most likely candidates for cyberattacks, the east coast gasoline pipeline company for example, those with deep money pockets making them more attractive. Not any more! Hackers have realized that a faster, easier and more effective approach for them is the early entry of malicious code and back doors placed inside new product firmware and operating systems. The cyberattack capability is built in from the start on your hardware before you even own it. This opens the doors to exponentially more targets across the world generally.

Cost of not being prepared? According to Cybercrime magazine article, Dec 8, 2023, the cost of cyber attacks in 2021 was $6 Tillion. Expected to exceed $10. TRILLION by 2025. This is a business killer. https://cybersecurityventures.com/cybercrime-damages-6-trillion-by-2021/

Being prepared is becoming easier, with the proper planning, skills and priorities. It is not just Purchasing doing an audit. It encompasses the entire organization applying a multiprong approach. Prevention is critical, training, (everyone with an email alias), and a tight protocol paying a major role. AI is also helping with detection and discovery. But as with many areas of business, the biggest quality gains comes by prevention. A big part of prevention is in supplier selection criteria being formally updated and on-going audting, by professionals steeped in technpology and latest tools to screen and test supplier environments.

If you are interested in beefing up your risk management roadmap, to become truly proactive in cybersecurity, you will want to understand the risks, and develop your prevention and mitigation plans. We are launching a new program in 2024 with effective cybersecurity protocol detailed as part of a supply chain management framework. Partnering with industry experts DevilDog Cybersecurity, we have an exciting agenda to help you set your plan. Contact [email protected] for details.