More

    Exploring Top Security Risks in the Supply Chain

    The use of Internet of Things (IoT) technologies enables retailers and manufacturers to better track their products from the beginning of the manufacturing process at their source vendors all the way through delivery to the end customers. It can alert the retailer and manufacturer of discrepancies as they happen, saving them from discovery by the retailer or customer after delivery, says Dan Mitchell, director of the Global Retail Practice at SAS.

    There’s no doubt that the IoT has had a profound effect on the supply chain, adds David Hood, ‎director, Technology Marketing, with Mimecast, as the ability to harness data points and apply Big Data technologies makes companies far more responsive and adaptable to shifting demand. “Collaboration inter-company has never been easier with platforms that promote sharing information, documents and key data. The challenge is doing so while still being cognizant of the security and data risks that exist.”

    Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom’s Guide. You can reach Sue via Twitter: @sueporemba

    Security Risks in the Supply Chain - slide 1

    Exploring Supply Chain Security Risks

    Click through for more from Sue Marquette Poremba on the technologies and security risks organizations need to be aware of and address in the supply chain.

    Security Risks in the Supply Chain - slide 2

    Technologies Used in the Supply Chain: RFID

    RFID tags have quickly become a big part of the supply chain for tracking inventory, according to Jim Dempsey, Panasonic Mobility’s enterprise business development manager. “From the store perspective, RFID tags track inventory and can alert managers on the front end when inventory is running low so they can alert supply chain managers to ship additional inventory,” he says.

    Security Risks in the Supply Chain - slide 3

    Technologies Used in the Supply Chain: Mobile

    Although the supply chain has been utilizing mobile devices for several decades, today’s advanced devices, ubiquitous mobile broadband and fully integrated business-class applications are streamlining pick-up and delivery, route management and field sales, says Kevin Beasley, CIO at VAI. “Using today’s affordable and user-friendly mobile devices, businesses can track current inventory levels and push sales offers to field personnel in real time, so that the customer is not only receiving personalized service but also special offers instantly.”

    Security Risks in the Supply Chain - slide 4

    Technologies Used in the Supply Chain: GPS

    “With improved GPS accuracy, advances in temperature sensing, and product serialization (authenticity), professionals can get a better understanding of the health of their supply chain — as it’s happening in real time,” says Rob Cheng, head of growth at Elementum. “This translates to fewer stockouts, shorter wait times, increased quality of goods, and ultimately higher customer satisfaction.”

    Security Risks in the Supply Chain - slide 5

    Supply Chain Security Risk: Phishing and Whaling

    Mining capabilities have become very sophisticated, Beasley points out, and this has brought an increase of phishing and whaling attempts within the supply chain. This includes attempts to acquire usernames, passwords and credit card details, and sometimes money, by masquerading as a trustworthy person in an electronic communication. “Companies should be aware of supply chain impersonation and should carefully monitor email, know who email is truly coming from, and understand there are wire transfer risks,” says Beasley.

    Security Risks in the Supply Chain - slide 6

    Supply Chain Security Risk: Compromised Data

    Michael Lucas, Chairman of i3 Brands, uses the example of compromised pharmaceutical data, but all intellectual property is at similar risk.

    “Pharmaceutical data is comprised and locations and access to source ingredients for essential treatments (vaccines, opiates, etc.) could potentially be stolen,” Lucas says. “Once a company loses access to the ingredients of a highly sought after drug, it could have ripple effects throughout the supply chain that could inflict serious harm on the consumer.”

    One potential solution is for manufacturers to work in coordination with governments to implement stronger collaborative security measures across the secure supply chain, including a mutual exchange of information about potential external threats.

    Security Risks in the Supply Chain - slide 7

    Supply Chain Security Risk: Lack of Encryption

    Because this is highly sensitive data, it can be a big target. Most companies don’t have the time and resources to properly secure it, while making sure their business users have the tools they need to be successful, explains Brady Cale, VP of Engineering at Taulia. “Companies shouldn’t feel the need to take on all the responsibility for protecting against this on their own, but rather partner with organizations that are employing the top standards to keep their data safe and secure at all times,” he says. “At Taulia, we do this by encrypting all data to the latest standards (AES 256) at rest and in transit. We have user-level authentication/access controls and functionality to ensure the user can only see information that is within their scope.”

    Security Risks in the Supply Chain - slide 8

    Supply Chain Security Risk: Third Parties

    Collaboration within the supply chain helps to drive productivity and improve on innovation. But third parties are a huge risk because a security incident on their end could end up affecting your supply chain. “The IoT is a big productivity-enhancing next step, but with the expanded interoperability comes expanded exposure to email-borne threats and attacks,” says Mimecast’s David Hood. “A coordinated approach to expanding interaction while ensuring security is a prudent way to get involved with the IoT and the main benefits it represents.”

    Security Risks in the Supply Chain - slide 9

    Supply Chain Security Risk: BYOD  

    BYOD in the supply chain can cause major security issues given the role the supply chain plays in a variety of industries from retail to auto manufacturing, says Dempsey. He recommends that organizations take a layered approach to mobile device security as part of their supply chain security strategy that includes the following steps:

    • Hardware level (Enterprise-grade chips)
    • Software-level encryption
    • Compatibility with major multi-factor authentication programs
    • Secure VPN technology
    • Work with enterprise-grade mobile hardware providers that have experience in secured mobile device deployment in the supply chain

    Latest Articles