Supply chain cybersecurity: better protection and policy alignment

According to a recent study conducted by the World Economic Forum, 39% of surveyed organizations in 2022 had been affected by a third-party cyber incident. In other words, they were “collateral damage” of a cyberattack on companies via their supply chain. Increasingly, threat actors are targeting small and medium-sized suppliers that may use less robust cybersecurity practices, with the aim of then surreptitiously accessing the systems of an intended target among their clientele. By breaking into the provider’s system, an attacker could potentially compromise any organizations which use the product or service – including larger companies, government agencies, and even critical infrastructure or essential services.

These incidents show the interdependence of companies, and the increasing need to address the security of the ICT supply chain as a whole by identifying and strengthening the weakest links. There is also a growing regulatory concern about supply chain security that is being translated into proposals ranging from reporting, or vulnerability disclosure, to restrictions or obligations on providers under various regulatory standards and frameworks.

How can companies better protect their supply chain to reduce risk and enable a more agile response?

Traditional approaches to supply chain risk management can present limitations, as they don’t increase cyber protection, are not generalized in their approach to diversifying and securing the supply chain, waste time and money, and lack cyber risk context. Importantly, small and medium-sized enterprises in the supply chains may struggle with responsible cybersecurity practices, including complying with recognized standards. Below is a selection of best practices on supply chain, some of which have been extracted from the RSAC ESAF Report “How Top CISOs are Transforming Third-Party Risk Management” based on Chief Information Security Officers (CISOs) interviews, and Telefónica’s own experience.

It is also necessary to standardise the approach to risk management through a joint procurement and security strategy based on a principle of co-responsibility of employees and suppliers in meeting pre-established cybersecurity requirements, including on diversification. Management indicators that are checked periodically (including through audits) are needed to monitor and identify points for improvement throughout the entire supplier lifecycle, including at termination. Key elements of such a strategy include the following:

  1. Focus on a set of priority security requirements based on an assessment of risk, a short list instead of overloading the supplier, and ensure monitoring, oversight, and compliance.
  2. Reduce the impact of third-party incidents via discrete actions like diversifying the supply chain, applying zero trust policies, developing incident response plans, conducting tests, and demanding early reporting of incidents by suppliers.
  3. Actively partner with suppliers to help them improve their security programs, offering service mechanisms and trainings to protect against or respond to incidents as they occur. Third-party incidents will happen, so preparing to manage the impact on the enterprise must be a core priority.
  4. Consider leveraging emerging technologies such as blockchain for information sharing and asset management to minimize the consequences of third-party cyber-incidents, as well as artificial intelligence and advanced analytics to scale incident detection and response capabilities.
  5. Add incentives and enforcements to contracts, setting requirements for suppliers based on international standards (e.g. ISO 27001 Information Security, ISO 27701 Privacy, ISO 22301 Security and resilience).
  6. Establish processes to increase business leaders’ involvement in managing third-party cyber-risks. Doing so needs to be a priority at the most senior levels.

Fintech for Supply Chain Finance: Streamlining Payments and Working Capital Management

How fintechs are revolutionizing the supply chain finance landscape.

The supply chain is the global economy’s backbone. It includes all of the activities involved in delivering goods or services from the manufacturer to the end user. Efficient supply chain financing is crucial for firms to maintain smooth operations.

However, supply chain financing can be complicated and costly due to the numerous players involved. This is where fintech enters the picture. This article will look at how fintech is helping to streamline payments and working capital management in supply chain finance.

What Exactly Is Supply Chain Finance?

Supply chain finance refers to a group of financial solutions aimed at optimizing the movement of cash along the supply chain. It consists of a variety of activities, such as invoice factoring, purchase order financing, and inventory finance. These solutions assist organizations in better managing their cash flow by giving access to working capital as needed.

However, supply chain finance can be complicated and costly. The typical technique comprises many middlemen, such as banks, insurance, and factoring firms, each with its own set of fees. This might lead to a lengthy and costly procedure with little transparency or flexibility.

How Fintech Is Helping to Simplify Supply Chain Finance

Fintech is changing the way supply chain finance is done. Fintech companies are streamlining payments and working capital management by embracing digital technology, making it easier and more cost-effective for businesses to manage their supply chains.

Fintech’s Advantages in Supply Chain Finance

There are numerous advantages to employing fintech for supply chain finance. Increased efficiency is one of the primary advantages. Automation and digital technology are being used by fintech companies to streamline the supply chain financing process, decreasing the time and cost associated. This allows organizations to concentrate on their core operations while improving overall efficiency.

Fintech Risks in Supply Chain Finance

While fintech has numerous advantages for supply chain financing, it also has some drawbacks. Cybersecurity is one of the most serious threats. Fintech firms keep sensitive financial data, rendering them vulnerable to hackers. Businesses should choose a trustworthy fintech supplier with strong security procedures in place to safeguard their data.

How Fintech is Revolutionizing Supply Chain Finance with Artificial Intelligence

Supply chain finance has become an essential tool for businesses looking to optimize their cash flow and improve their working capital management. By leveraging the power of technology, fintech companies are now incorporating artificial intelligence (AI) into supply chain finance, revolutionizing how businesses manage their supply chains and providing unprecedented efficiency and transparency.

How to analyse third-party risks in the supply chain

What are the cybersecurity, financial and other risks posed by third parties in the supply chain, asks Sri Rangachary, a Senior Director with ISG.

Do you truly know your exposure to risk? With every third-party supplier an organisation uses, there is increased risk of being exposed to a security breach, a damaging reputational issue, or a human rights or environmental issue that could be buried within the supply chain.

We tend to think of disruptive events as happening once in a lifetime, but in reality, we should plan for them to be a regular feature of supply chains and manage them accordingly. Proper governance and rigorous supply chain review are critical.

What are the risks posed by third parties in the supply chain? The most obvious risks are cyber security or financial. Imagine if one of your supplier’s suppliers has a ransomware attack that spreads up the chain. Your security is only as strong as the weakest link in the supply chain. An event like this could severely disrupt your ability to do business.

But there are less obvious, newer risks from suppliers. Increasingly we’re seeing emerging threats from areas like environment, social and governance (ESG), and human rights.

Perhaps there are modern day slavery practices that you haven’t spotted, deeply embedded in the supply chain, or a supplier has been found guilty of corruption, or other unethical behaviour. It’s not enough anymore to claim ignorance, and you could lose your hard-won reputation by association with such practices.

You need the right processes in place to catch and head off these kinds of issues, early on.

Managing supplier relationships

The key to good supplier management is good information. What information do you need to mitigate your risk? I’m often asked: “How do I assess the risks from my supply chain?” The answer is in the information you get from that chain.

Look first at the information you have internally available. What is the acceptable risk level in your own business? Every organisation will have a different appetite for risk. A risk heat map is a great way to visualise the impact and likelihood of different risk categories, so you can develop the appropriate response.

The role of technology

It’s simply not possible for a person – or even a full team – to monitor every change and movement that could pose risk within the supply chain. This is where technology can help.

A good third-party risk management system can give you the information you need to monitor and mitigate risk, as well as keep on top of contractual commitments and the performance of your suppliers (including their ability to meet those commitments).

What is Financial Risk Management and Why Study It?

Every business, regardless of size, deals with some degree of risk. There are several variables to consider for every decision involving finance, and a certain amount of risk can never be avoided. But it can certainly be mitigated. As such, companies are increasingly looking to specialists in the field for expert evaluations to help make decisions that directly impact a business’ revenue. Read more about financial risk management and why it’s a promising career…

What is financial risk management?

Every investment comes with potential risks. In fact, there is no profit without risk. Contrary to what we are used to, risks in finance can be positive as well as negative. In short, a risk is any deviation from the expected outcome. Risk management is the necessary step of evaluating possible outcomes, analyzing potential gains and losses, and deciding on what action should be taken (or not) given the conclusions from the evaluation.

Why study it?

A 2019 report by Accenture indicated that new investment risks are emerging with unprecedented speed. The top three new challenges identified by specialists were disruptive technology, data breaches, and operational risks. Moreover, climate change has become a factor to be considered, as damage to property, infrastructure, and land poses new challenges.

Sustainable economy

While some may believe financial risk pertains only to high-ranking CEOs and investors, it’s essential to understand how it affects everyone. A country’s population is entirely interconnected through its financial system, and poor financial decisions can lead to an unreliable market and a declining economy. Having a reliable financial market means a stable and sustainable economy, in which everyone will benefit from better living conditions.

Solve climate change risks

As mentioned, the reality of climate change can affect businesses and investments in many ways. Besides the physical risks of property damage, business disruption, and the need for relocation, factors like technological transition and policy changes need to be considered in a risk analysis.

Cybersecurity

Cyber risk is the number one threat to the global financial system, says U.S. Federal Reserve Chairman Jerome Powell. Financial institutions are prime targets for cyberattacks, and sector leaders have placed cybersecurity at the top of their priorities, above every other potential risk. Risk managers need to develop strategies to effectively deal with the cyber threat in a world that relies on technology to keep the global economy afloat.

Cryptocurrencies

The recent boom in cryptocurrency assets can directly affect the overall financial system. A report by the Financial Stability Board has highlighted vulnerabilities in the crypto market, such as linkages with the regulated financial system, liquidity mismatch, and credit and operational risks. Blockchain intelligence companies have invested in risk management technology, but this remains a sector that will need to be followed closely as it further develops.

Geopolitics

Not many companies fully consider how geopolitics involves a variety of financial risks. Access to natural resources, proximity to countries in conflict, limits on foreign relations, corruption, and local culture are just some factors to consider in a risk analysis. Each location provides a particular financial scenario, and only by fully understanding this context can a business use it to its advantage.

Work opportunities

A specialized professional in financial risk management is necessary for every business. Many companies hire consultants or teams to anticipate exposure, quantify the risk, and plan mitigation strategies. As a risk specialist, you can work in sales, trading, marketing, banking, and many other sectors, while benefiting from the increasing demand for qualified professionals in the field.

Disney, Depp and the cyber supply chain risk management problem

One field-tested security strategy for information systems and digital content is to address the problem through processes, people and technology. On the process front, all companies involved in the production of digital IP should, by now, be adhering to a proven information security framework that fully addresses supply chain risks. That includes making sure your digital IP is protected at all times, even during post-production (or maybe we should say especially during post-production, given recent incidents).

Fortunately, there is a ready-made cybersecurity framework that companies can use, at no charge, thanks to the US federal government, which has done some sterling work in this area, namely the NIST Cybersecurity Framework.

The current version is a great way to get a handle on your organization’s cybersecurity, and the next version, currently in draft, goes even deeper into the need to maintain cybersecurity throughout the supply chain. For that reason, the draft is worth quoting at length:

“The practice of communicating and verifying cybersecurity requirements among stakeholders is one aspect of cyber supply chain risk management (SCRM). A primary objective of cyber SCRM is to identify, assess and mitigate ‘products and services that may contain potentially malicious functionality, are counterfeit, or are vulnerable due to poor manufacturing and development practices within the cyber supply chain.’”

Commentary: Managing risk in the global supply chain

The World Economic Forum defines global risk as an uncertain event that, if it occurs, can cause significant negative impact for several countries or industries within the next 10 years.

Global supply chains create both opportunity and risk. Some of the macro issues we face both in day-to-day operations and future planning include cybersecurity, terrorism, climate change, economic instability, and political discord.

More specific to executives who manage global supply chains, risk is more apparent, and on a micro-basis potentially more consequential in the short term, in areas such as but not limited to reducing spend, leveraging sourcing options, creating sustainability, political and currency instability, government regulations in the U.S. and abroad, trade compliance management, free trade agreements, energy costs, and what the incoming Trump administration will mean for global trade.

Since the recession in 2008-2009, we have witnessed a serious uptick in companies worldwide reviewing their operational exposure and then creating risk strategies in managing these vulnerabilities. Risk exposure can negatively impact margin, profits, growth strategies, operational stability and personnel maintenance.

For companies operating in global supply chains the risks are vast, convoluted and often unanticipated. As a result, we tend to be unprepared for the impacts.
