Digital Disruption at ConnXus: Supply Chain Security in a Virtual World

Supply chain management has been disrupted by a slew of innovation. E-procurement, machine learning, and automation are prominent players in the industry, along with the Internet of Things (IoT) connectivity. Although these tools help firms make smart procurement decisions, high reward also correlates with high risk. This year, IBM’s Threat Intelligence Report revealed over 4 billion records were leaked globally, costing an average of $3.62 million, or $141 dollars per lost or stolen record. Roughly 50% of data breaches in the finance and healthcare industries were inadvertently caused by inside actors (employees and supply chain stakeholders), while 90% of data breaches in manufacturing, retail, and communications were caused by outsiders (1, 2). These alarming statistics point to a growing need for cybersecurity in supply chain.

Finding the Weakest Link

When thinking about security hacks in an industrial setting, one might picture a rogue machine harming products or workers within a warehouse. However, the more likely scenario is hackers targeting smart devices for proprietary information or commercial sabotage. Mobile and connected devices are increasingly popular in procurement; each connected device increases ease of access but also increases the risk of a security breach. As cybersecurity experts like to say, “it’s not a matter of whether, it’s a matter of when” (3). Devices should be secured with fallback protection to disable malicious programs from spreading further harm, and individuals need to fight potential hackers by monitoring devices and firewalls continuously.

Don’t Keep Your Head in the Clouds

It’s important for firms to understand the advantage of cloud computing for them to know when to apply the technology. But it’s equally as important to understand when not to use it. Modern-day networking should not solely be replaced by a cloud solution. For example, the transportation industry has invested in the idea of autonomous vehicles for years. An autonomous truck should validate any commands given by its operator, and make sure that these commands are within the scope of the system, able to be carried out solely by its onboard system. In areas of high risk or sensitive proprietary information, safety devices should have built-in redundancy and hard-wired braking systems, isolated from any network that can be hacked. From a software perspective, control systems should be housed within a physical premise behind a local network firewall (4).

Out With the Old, In With the New

Updating old security systems should be a top priority, as outdated systems cannot adequately handle cybersecurity threats. Having an outdated system can be equal to having none at all. Though blockchain technology is promising in inventory management, some firms have also begun to invest in it as security. Currently, a blockchain is virtually unhackable, and can protect a firm’s supply chain from cyberattacks while streamlining procurement. Blockchain is a set of protocols synchronizing data and transactions across a network by verifying each participant with each other. This redundancy and cross-checking makes transactions reliable, removing the security risk of a central intermediary while providing the benefit of verifying and sharing truthful data between business partners (5). In supply chain, this technology allows firms to automate contracts and accounting transactions, decreasing the windows for human contact and cyber attacks (6). Firms should assess their current security systems and educate themselves on cyber risks before exploring possible solutions.

Education and Compliance Begins With You

Acknowledging the security risks of today’s technology is not enough. Firms should recognize that cybersecurity is a vital investment insuring against costly problems down the road, ones that can hurt manufacturing production, brand reputation, and consumer trust. Continued education and training is important in this environment, from a firm’s own employees to vendors in its supply chain. Doing business with insufficiently protected suppliers can put a firm’s whole supply chain at risk. Carriers with high turnovers rates and seasonal crews may not do enough to educate their employees about the cyber risks of personal devices, leaving opportunities for hackers. Building protection and compliance standards into contractual relationships and encouraging staff training will fortify cybersecurity across a firm’s supply chain (7, 8).

ConnXus Enables Cyber Security Risk Alerts

As a software company familiar with proprietary business data and confidential industry relationships, ConnXus is careful with cyber security. Our goal is to support your supplier management needs with robust and secure tools. In the first quarter of 2018, clients will have the option to embed real-time updates of cyber security threats and malware attack alerts while monitoring ConnXus dashboards. We will also tighten security requirements with two-factor authentication during the sign-in process. ConnXus will continue to innovate and improve product solutions to better serve your organization in the future.