Reduce Operational Risk
Today’s supply chains are characterized by a global web of interconnected suppliers, manufacturers, transportation providers, and infrastructure, with complex and undiscovered dependencies. Furthermore, the dynamic nature of supply chains means that their components are constantly shifting, exposing them to risks from new directions.
The impact of supply chain failure on operations can be dire for businesses, organizations and customers, causing shortages of anything from toilet paper and vehicle chips during the COVID-19 pandemic, to more recent issues with the supply of baby formula and children’s pain-relief medicine.
The picture becomes even more complicated when we factor in dependence on information technology. This dependence renders supply chains vulnerable to attacks carried out in the virtual sphere, but with grave consequences in the real world, such as the shutdown of the Colonial Pipeline due to a ransomware attack in May 2021.
A modern Supply Chain Risk Management (SCRM) program will illuminate your supply chain’s direct and indirect dependencies. This enables you and your SCRM provider to proactively seek risk mitigation measures and monitor risk levels in real-time. In addition, no SCRM program is complete without a cybersecurity component, to protect both your operational IT functions and your sensitive digital assets.
Protect Company and Customer Data
Hardly a month goes by without a hacking event perpetrated by malicious actors, illegally accessing anything from customers’ personal information and credit card numbers, to proprietary company information, to digital funds.
Just as a few examples:
- In December 2020, threat actors extorted security company Accellion by threatening to sell its data online unless a ransom was paid. $5M was paid to customers whose personal data was stolen.
- In July 2021, IT solutions developer Kaseya was a victim of a ransomware attack, putting at risk thousands of their managed services clientele. Hackers demanded $45,000 from each of Kaseya’s customers.
- In December 2022, a cyberattack drained more than $370 million from crypto exchange FTX, hours after it filed for bankruptcy.
Cyber attack scenarios such as these can cost commercial organizations millions of dollars in lost customers, damage to reputation, litigation expenses, and theft. The consequences can be even more severe when the target of the attack is a defense organization, where a breach may affect national security and personal safety.
Open Doors to Government Markets
“In an effort to improve supply chain resilience and protect against material shortages, President Joseph R. Biden Jr. signed Executive Order (E.O.) 14017, America’s Supply Chains.”
“The DoD will need to work closely both internally and with its partners—interagency, international, and industry—to build strong and responsive supply chains in the coming years.” — “Securing Defense-Critical Supply Chains”, Dr. Kathleen H. Hicks, US Deputy Secretary of Defense
Due to its critical impact on national security and economic robustness, it’s not surprising that the highest echelons of US Government and Defense are devoting thought and resources to SCRM policy and implementation. This results in frequently updated guidance documents such as NIST SP 800-161 (Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations), NIST SP 800-37 (Risk Management Framework for Information Systems and Organizations) and NIST SP 800-53A (Assessing Security and Privacy Controls in Information Systems and Organizations).
For companies that are (or plan to be) part of the Defense Industrial Base (DIB), implementing a sound SCRM plan is not only good operational practice, it’s also good for business. From the perspective of Government clients, vendors with solid SCRM programs are a lower-risk option than their non-compliant competitors. And although implementing an SCRM plan is not currently mandatory for DIB members, it may become so in the foreseeable future.