It is necessary to choose suppliers who are trained in cyber security
We all know how valuable a supplier of goods or services can be, with whom you have an ongoing relationship based on trust. This principle is valid in everyday life, but even more so in a company’s operational activity and organization.
We now live in a globalized world where medium and small enterprises have opened to the international markets and have undertaken global sourcing to find worldwide level suppliers able to assure a more favorable price and guarantee the necessary savings to the business company. Therefore, they have delegated increasing portions of the activities to suppliers also very far away.
We are referring to the supply chain, meaning the process that brings, through various steps, a product or a service from the supplier to the final customer.
It deals with a complex process that involves various professional figures and triggers multiple functions of the ecosystem-enterprise: from the raw materials to the logistics. But the same concept can also refer to aspects of managerial coordination used to optimize the individual links in the chain. In this case, we refer to Supply Chain Management and the set of factors that make it possible to carry out the previous phases.
The weak link in the global market is still the human factor
As we were saying, with the globalization of markets, the intensification of the flow of raw materials, and the advent of e-commerce, has taken a completely different dimension and much greater complexity than a few years ago.
These global processes have lengthened supply chains, making them less controllable, increasing companies’ dependence on infrastructures that are at times unfamiliar and potentially critical. In a chain that is difficult to control, the weak link can hide anywhere, even in the human factor. Proof of this is the increasingly frequent and harmful cyber-attacks.
The fact is that cyber damage to companies is increasing. ENISA, the European Union Agency for Cyber Security, warns us of this. Its report, Threat Landscape for Supply Chain Attacks, presents a list of 24 incidents that have affected the supply chain in the period between January 2020 and the beginning of July 2021.
According to the study, based on the observed trends and patterns, supply chain attacks increased in number and complexity in the year 2020. This trend continued into 2021, with attacks increasing four times in the first six months compared to 2020.
The most commonly used attack vectors include malware infection, social engineering (phishing), brute-force attacks, and exploiting software vulnerability. Regardless of the attack technique used, the goal is always to gain access to:
- Customer Data (58%),
- Key People (16%),
- Financial Resources (8%).
Replacing trusted suppliers with unknown ones?
The pandemic crisis is undoubtedly among the factors that have contributed to this upsurge in cyber risks. The pandemic has led to a significant increase in the use of the net for business purposes (home working) and e-commerce. All this has undoubtedly contributed to the rise in the area of attack.
The pandemic has also generated, on a global level, a severe supply problem, still not wholly overcome, which has seen trusted suppliers replaced by unknown ones. So much so that, according to the findings of a study commissioned by Reichelt Elektronik from research institute OnePoll conducted in January 2022 on a sample of 250 IT decision-makers in the Italian manufacturing sector, only 62% of respondents in Italy still have hope in a possible supply chain upswing.
Based on the study from the first semester of 2021 to the present, the increase in production shutdowns during the last twelve months has stood at 20%, for a total average of about 44.2 days, due to delays and slowdowns along the supply chain.
A stop that few can afford and that has triggered the search for new suppliers in most of the companies involved.
New certified providers wanted
We are all familiar with the risk of “leaving the old road for the new.” So, alongside the new contacts that have become new links in the chain, the risks of incorporating vulnerabilities into the various stages of production have increased. In short, when you have to quickly decide between “take it or leave it,” the first to suffer is security. And we all know this is risky.
It only takes one mismanaged breach, one weak link, to disrupt the entire chain and put all the companies involved at risk.
So, to alleviate these risks, it’s necessary to choose trusted partners and assess the supplier full circle. There are well-established criteria for choosing: cost, quality, references, reputation, ethical standards, and customer service.
But one criterion must be put at the top of the list, which is imperative today. Adequate Cyber Security Awareness training must be verified and ideally certified on suppliers throughout the supply chain.
Let’s consider that 90% of cyber-attacks in the world can be traced back to human error and that hackers take advantage of weak links in the chain. We need to be sure that all the supplier personnel involved in the supply chain are up to the task of effectively dealing with cyber risks related to digital technologies. An assurance that can be provided by a verified certification obtained for having carried out the proper training that is backed by good training programs.
In short, however valuable a supplier may be, their proven and certified Cyber Security Awareness training can no longer be regarded as a detail, especially when cyber weakness on someone’s part can generate significant economic loss and compromise the bottom line for all involved.