Q. Why Supply chain Professionals should care about Cyber security in 2024 and beyond?
Chris Mousley
I talk with businesses and Governments about Smarter Planning & Supply Challenges
Supply chain professionals develop experience over time in dealing with uncertainty.
A series of unpredictable factors can affect company performance and therefore the end customer experience:
1. Supplier reliability
2. Demand volatility
3. Shipping & logistics issues
4. Product quality problems
5. Macroeconomic and geopolitical factors
6. Availability of raw materials and of the required production / distribution labour
Supply chain professionals like myself attempt to work through these issues: we build an understanding of where the current pressure points are in the value chain, and sustainably work through a daily management & continuous improvement plan.
My specific speciality is in the area of inventory optimisation and demand forecasting.
However, I have a further background in the area of systems deployment and upgrades, which leads me to the following point.
Arguably there is a correlation between supply chain reliability and cyber resilience.
For medium-sized to multinational businesses, there are high levels of integration across:
i. Production planning systems
ii. Operational Technology (OT) including factory line systems
iii. Demand forecasting systems
iv. Reporting systems
v. Order to cash processes
vi. Procure to pay processes
vii. Warehouse management
viii. Logistics management
ix. Customer and supplier facing portals
x. Shared documents
There has been a marked increase in cyber attacks in Australia and further abroad.
Recently, in November 2023, port & terminal services operator DP World experienced a cyber attack which led to issues clearing containers at port.
Organisations in Australia are also being targeted with fraudulent invoices submitted to Accounts Payable teams, phishing attacks on domain-based email addresses and smishing attacks on corporate mobiles.
With other attacks on larger organisations, there has been an increased appetite to review cybersecurity policies.
It is important to note that not all incidents are malicious or even intentional; some are simply accidental, such as an account lockout or an unintended change to transactional data or master data.
But higher levels of integration bring greater use of APIs, which may rely on service accounts or credential sharing across systems.
Consider also the configuration of role-based access for established or new employees.
Often, roles are copied from one employee to another to simplify access across systems, networks and files.
Organisations may benefit from the development of a Business Continuity Plan (BCP) across different systems and core business processes, in case of a loss of access to key systems or a cyber incident.
Organisations may also benefit from:
a. The periodic review of access rights
Is the employee or contractor using their login, and are they still with the business?
Do the roles accurately reflect the duties or functional tasks required with the role?
b. The establishment of Zero-Trust principles, where access may be granted on exception, and where appropriate and adequate training is provided to those users to limit the risk of accidental and unintended changes.
c. Instatement of MFA
d. Appropriate patching & governance of employee and contractor endpoints, including laptops, desktops and mobile devices
e. Offensive security exercises, testing of systems in case of internet or network outages, and penetration tests of internal networks.
f. Development of appropriate data retention policies and sensitivity labels for commercially sensitive information
g. Periodic training for cyber-security awareness across Employees and Contractors.
h. File-level encryption of highly sensitive documents like employee, supplier or customer contracts.
i. Disaster recovery and cold-storage for select key systems and domain-sensitive data.
Written by Chris Mousley 1st February 2024
SME Managed IT | Resilience | Risk Management | Security
1 week ago
Increasingly, cyber security is a supply chain problem. Conversely, a growing proportion of supply chain incidents are cyber incidents.