Skip to content
Search AI Powered

Latest Stories

Perspective

Cybersecurity and your supply chain

Properly vetting suppliers—and making data security a condition of doing business—can help reduce vulnerabilities to cyberattacks.

By now, everybody on the planet is aware that criminals have at various times hacked into the customer databases of giant retailers like Target and Home Depot, and that even government agencies—including the military—are not immune to such crimes. But what many of us don't realize is that our supply chains are also vulnerable to electronic infiltration.

As Drew Smith, founder and CEO of the computer security company InfoArmor, writes in "Is your supply chain safe from cyberattacks?" in the Q2/2015 issue of CSCMP's Supply Chain Quarterly, global supply chains are highly reliant on the rapid sharing of data among supply chain partners. Yet each of these relationships represents a potential point of access to an organization's proprietary information. Exchanging data with suppliers, it turns out, is risky business.


While Smith's article offers plenty of interesting background, such as the extent of security breaches and the most common types of attack, it's that last sentence that deserves your full attention. Today's integrated, interdependent systems, he writes, are rife with cybersecurity risks. These include the transmission of information to and from vendors; open access to data rather than "need to know" access; frequent changes in suppliers and products; a lack of standardization of security protocols among suppliers and other supply chain partners; and obsolete or infected hardware and software.

Smith argues that cybersecurity should therefore be an integral part of supplier vetting, and that every buyer should require its suppliers to meet specified security standards. "One of the most important and effective steps you can take," he writes, "is to include cybersecurity protocols, conditions, and capabilities in the procurement function's approval criteria for all potential new vendors."

The Home Depot security breach came about because criminals obtained and manipulated vendors' computer credentials. Target was compromised because a service provider failed to follow accepted information-security practices. If cybersecurity standards are not currently included among your vendor-approval criteria, I urge you to circulate Smith's article in your procurement organization, and to conduct a risk assessment soon.

Recent

More Stories

photos of grocery supply chain workers

ReposiTrak and Upshop link platforms to enable food traceability

ReposiTrak, a global food traceability network operator, will partner with Upshop, a provider of store operations technology for food retailers, to create an end-to-end grocery traceability solution that reaches from the supply chain to the retail store, the firms said today.

The partnership creates a data connection between suppliers and the retail store. It works by integrating Salt Lake City-based ReposiTrak’s network of thousands of suppliers and their traceability shipment data with Austin, Texas-based Upshop’s network of more than 450 retailers and their retail stores.

Keep ReadingShow less

Featured

minority woman with charts of business progress

Study: Inclusive procurement can fuel economic growth

Inclusive procurement practices can fuel economic growth and create jobs worldwide through increased partnerships with small and diverse suppliers, according to a study from the Illinois firm Supplier.io.

The firm’s “2024 Supplier Diversity Economic Impact Report” found that $168 billion spent directly with those suppliers generated a total economic impact of $303 billion. That analysis can help supplier diversity managers and chief procurement officers implement programs that grow diversity spend, improve supply chain competitiveness, and increase brand value, the firm said.

Keep ReadingShow less
Logistics industry growth slowed in December
Logistics Managers' Index

Logistics industry growth slowed in December

Logistics industry growth slowed in December due to a seasonal wind-down of inventory and following one of the busiest holiday shopping seasons on record, according to the latest Logistics Managers’ Index (LMI) report, released this week.

The monthly LMI was 57.3 in December, down more than a percentage point from November’s reading of 58.4. Despite the slowdown, economic activity across the industry continued to expand, as an LMI reading above 50 indicates growth and a reading below 50 indicates contraction.

Keep ReadingShow less
pie chart of business challenges in 2025

DHL: small businesses wary of uncertain times in 2025

As U.S. small and medium-sized enterprises (SMEs) face an uncertain business landscape in 2025, a substantial majority (67%) expect positive growth in the new year compared to 2024, according to a survey from DHL.

However, the survey also showed that businesses could face a rocky road to reach that goal, as they navigate a complex environment of regulatory/policy shifts and global market volatility. Both those issues were cited as top challenges by 36% of respondents, followed by staffing/talent retention (11%) and digital threats and cyber attacks (2%).

Keep ReadingShow less
cargo ships at port

Strike threat lingers at ports as January 15 deadline nears

Retailers and manufacturers across the country are keeping a watchful eye on negotiations starting tomorrow to draft a new contract for dockworkers at East coast and Gulf coast ports, as the clock ticks down to a potential strike beginning at midnight on January 15.

Representatives from the International Longshoremen's Association (ILA) and the United States Maritime Alliance (USMX) last spoke in October, when they agreed to end a three-day strike by striking a tentative deal on a wage hike for workers, and delayed debate over the thornier issue of port operators’ desire to add increased automation to port operations.

Keep ReadingShow less