The digitization of the supply chain has taken many forms over the past few years. The information flowing between individual stakeholders and partner organizations can now move more quickly than ever before, and has become fuel for advanced analytics algorithms. This progress is ongoing, and leaders are seeking further advanced tech deployments, whether that means transferring information via blockchain ledgers, employing artificial intelligence as an analytics tool or adding automation to reduce the amount of rote transactional work each employee has to do.
Where IT modernization goes, however, the specter of cyberattacks follows. Criminals have become adept at stealing digital information, and companies have to be aware of the techniques preferred by these digital thieves. The need for vigilance and defenses around data isn't a reason to resist transformation or hold back progress. It is, however, critical to remember security when adopting processes and not let evolution get ahead of the ability to defend technology.
Attacks may come from unexpected quarters
The supply chain is defined by relationships between companies. Every organization counts on its suppliers, and recent digitization has increased the amount and speed of communication between these organizations. Spend Matters reported on presentations from the Institute for Supply Management ISM2018 conference, where speakers warned about the dark side of supply chain connections. Procurement in the digital age means setting up IT-based links with other companies that may have cyber vulnerabilities. Hackers, seeking the easiest path to value, may aggressively target those partner firms.
While the answer to that problem seems simple - limit business connections to security-conscious companies - putting up defenses is neither easy nor straightforward. Spend Matters noted that supply chain participants today are using so many tech endpoints that they may neglect to fully secure them. Between computers and mobile devices, firm have access to diverse operating systems and a huge variety of applications. The chance that one of those systems will possess an exploitable vulnerability is significant.
Panelists at ISM2018 pointed to relationship management as a key component of survival and resilience in such a tech-infused threat landscape. Procurement departments must collaborate closely with internal IT departments, external partners and government regulatory agencies to make sure they are maximizing their security.
Supply Chain Dive, also reporting from ISM2018, indicated that the collaboration between the public and private sectors will need some work over the coming years. Former National Security Agency director Keith Alexander and ex-CIA director John Brennan, speaking at the industry leadership gathering, delved into the ways companies can work with federal authorities to strengthen their own security profiles. While public-sector agencies see the potential of scanning data and searching for exploitative patterns, businesses may not want the government to have access to that data.
Liability protection extended by federal agencies to private organizations is one potential source of relief. The NSA and CIA could also use financial incentives to neutralize the costs of data sharing. Supply Chain Dive noted that while listing possible solutions, Brennan and Alexander highlighted the limitations of much-discussed options such as blockchain ledgers. While the blockchain has security potential, the speakers explained that in practice, it could just be another access point for criminals to breach.