Would your supply chain survive a cyber-attack? 5 ways to tell

Right on the heels of Sony's run-in with hackers, the US cyber security firm, Cylance, is calling attention to the threat Iran poses in the digital landscape. Hackers aren't a new phenomenon, but the threat of cyber-attacks on American businesses is getting more common and potentially much more devastating than ever before.

It's easy to see why company leaders sweat over their own security these days -- but what about the security of their vendors?

              

As early as last summer, the International Maritime Bureau (IMB) called attention to the threat hackers pose to supply chains. Their message? Supply chains are more than just vulnerable; they are being actively targeted by criminals to disrupt business. So how can we tell if our supply chains are in danger? More importantly, how do we begin to uncover and fix tech-based weaknesses?

To start, here are 5 ways to tell if your suppliers are putting you at risk -- and what you can do about it:

• Update your supplier vetting checklist. Dig deeper into your key suppliers, and add cyber security concerns to your vetting process. What software do suppliers rely on to deliver goods and services? Be sure to research vulnerabilities in any off-the-shelf software they use. If you discover any, make sure to find out how your suppliers mitigate such risks internally. 

• Look for potential "weak links." Remember Target's payments system fiasco? Your security is only as strong as those you grant access to, and your suppliers' flaws are your flaws, too. How much access do vendors have to your systems, and what security training do their front-line employees undertake? What would hackers have access to on your end if suppliers' systems get compromised? Make sure any supplier facing openings in your security plan are properly walled off from sensitive internal systems. A solid SRM program provides a plan for formal risk and control processes management within supplier relationships. Even if your internal security precautions are flawless, independently operated third parties can sink your defenses -- especially when they are keyed into your core business processes.

• Redundancy is key. As the IMB notes, transportation systems may face extra attention from hackers. Unfortunately, most attention goes to physical security rather than cyber security in this sector. Do you have transportation and logistical backup plans in place in case primary routes are disrupted? Redundancy can be costly and a tough sell to upper management, so focus on the damage an outage would have.

• Test, test, test. Nearly every company has tech-based disaster recovery procedures in place, but too many fail to test them regularly. When was the last time IT fully tested your plan? If they haven't done so recently, coordinate such tests now. Circling back to strategies #1 and #2, require suppliers to disclose their own disaster recovery report cards on a regular basis as well.

• Develop internal partnerships. Speaking of the IT department, now is the time to bolster relationships with your CIO and get him or her in on supply chain initiatives. Too often, tech departments are only concerned with keeping security strong in their own house. Considering how much impact the outside world has on your supply chain, it makes sense to have external team members work closely with suppliers to manage tech risks before they come knocking.

While it may be impossible to know exactly what cyber threats will crop up next, one thing is for sure: Security will only become more important moving forward. Now is a great time to shore up your defenses and those of your partners.

Image courtesy of: freeimages.com