Hacked to Death: Data Security in Supply Chain

Hacked to Death: Data Security in Supply Chain

Russia did in fact hack and influence the United States’ presidential election. This widely reported story is based on information from “a former British intelligence operative, whose past work US intelligence officials consider credible”. Yes, it’s true… we’re literally living in a James Bond movie, and the villain is still at large.

Crisis of Connectivity

Digitization is the most important megatrend affecting supply chain strategy today. Visibility to both demand and supply has, in the blink of an eye, evolved from a notoriously slow, clunky process of transmitting batch data to a nearly incomprehensible supernova of constant information. Cisco tracks global internet traffic and, as the table below shows, this flow has grown 300-fold since the turn of the century. Connectivity is everywhere, but it’s not always good.Chart showing the historical benchmarks for total internet traffic. Source: Cisco VNI, 2016.In supply chain terms, this includes order data, engineering information, prices and contractual terms. Layer on top of this machine-to-machine connectivity, remotely guided vehicles and even more ominously, digitally linked smart products, and we’re suddenly accountable for a lot more than just secrets. Connectivity may be the ultimate double-edged sword.

Rising Risk

In our annual Future of Supply Chain survey this past fall, not only did “data security/IT incidents” rank highest overall among 13 separate risks considered with 30% of 1,408 respondents saying they were “very concerned”, it has also risen fastest.Chart showing the percentage of respondents that are "very concerned" about each risk year-on-year. Based on 4491 survey respondents across 4 surveys.More tellingly, the anxiety rises with seniority. Among 126 respondents at the Senior Vice President level or higher, the portion saying they’re “very concerned” is still higher at 37%.

Graph showing the top supply chain risks from a c-level view, based on 126 survey respondents.Splitting these survey results by industry tells another story about who might be asleep at the controls. Hi-tech respondents, for instance, are nearly twice as likely to cite this problem as a major concern than are industrials, while half of healthcare and pharmaceutical respondents consider it a minor worry. The fact that hi-tech gets it first is not surprising given their familiarity with the technology itself. Others might be wise to follow their lead.

What to Do

Last year, the US National Counterintelligence and Security Center (NCSC) produced a video intended to help supply chain professionals protect against hacking. Its recommendations are a common sense breakdown of questions procurement professionals should consider when engaging suppliers. Geraint John of SCM World, whose research on sourcing and supply chain risk offers valuable frameworks on this topic, breaks it down in a blog post written last summer.

Unfortunately, as the Russia revelations suggest, the bad guys seem to be a step ahead, which means investments in vigilance are going to have to increase. From a tools perspective, security should evolve like any other technology business with market-driven innovation delivering improvements in network, software and hardware access control. Expect to spend money on security in supply chains in the same way that you’ve gotten used to upgrading your mobile phone every two years. It is a spiral that you cannot afford to shun.

Another idea is the use of supply chain segmentation strategies. Supplier management excellence includes developing deep trusting relations with certain suppliers, while maintaining more arms-length links with others. The known cost, service and innovation benefits of tight supplier collaboration will increasingly include security tactics that streamline information flow without risking attack. Sort of like TSA Precheck for supply chain.

Segmentation applies to customers and channels too, with different levels of priority, service and information sharing for each segment of your fulfillment supply chain. Retailers, interestingly were the second most concerned among industries about data security/IT incidents (hi-tech was first). Their need to protect consumer data should make them receptive partners in efforts to improve supply chain data security.

The Fatal Virus

Business in general, and supply chain management in particular, depends on trust. Consumer confidence underpins commerce because we’ve grown accustomed to retailers having our personal information already loaded in their systems. The same is even truer upstream, with manufacturers who share design data, trade secrets and market information with suppliers and contract manufacturers.

Seeds of fear and doubt, once sown, are deadly. If they take root and spread, everything could quickly grind to a halt.

Get ready to pay for protection.


Author Kevin O'Marah

Chief Content Officer, SCM World

More posts by Kevin O'Marah