The integration of technology in supply chain management has greatly changed supply chain nature. This has an impact on how companies conduct themselves and their business with efficiency. The impact of technology on the supply chain has been a greatly positive influence. However, the rapid technological innovation has left companies vulnerable to attack. As a result, this has changed the way we think about supply chain security.
In this report by information security company SANS Institute, two aspects of supply chain are highlighted as vulnerable to security issues. The first are materials – the physical interruption/manipulation of stock, policies, or transportation methods. Companies have an extensive history in dealing and are using better tech as solutions. The second aspect focuses on what SANS Institute calls “Infrastructure-as-a-service.” These are the non-physical elements of a supply chain that can be affected by virtual disruptions, intellectual property theft, and malware attacks. Generally, this aspect focuses on cyber security incidents.
Protecting inventory and materials throughout the supply chain is nothing new. However, current supply chain security focuses revolve around improving technology for shipping and protecting inventory. Supply chain security risks can range from large-scale events such as piracy to smaller-scale events such as employee theft. For smaller-scale events such as theft and shipment interception, profitability and resale potential are driving factors.
Historically, large-ticket items such as electronics and jewellery have been prime targets for supply chain risks. But, these have fallen out of favour recently due to improved loss-prevention strategies. These new supply chain security measures include the use of RFID tags and serial numbers becoming standard for expensive items. As a result, this has driven targets to low-value items that cannot be traced. This also increaes the difficulty of successfully making off with high-value shipments.
In recent years, supply chain cyber security issues have become more important with increasing risks. Cyber security risks are no small issue. Although attackers don’t necessarily take physical assets, cyber security breaches can seriously damage to a company. The trend of cyber security breaches continues to grow. 2014 saw 783 cyber security breaches in the United States alone, affecting high-profile companies like Target, Sony, and Home Depot.
Target Data Breach, 2013
Target’s data breach in 2013 is important as it highlights how vital information security is to a firm. This breach of credit and debit card information for more than 40 million customers did not happen through an Internet connection. Instead, it happened through the connection of a vendor working for Target. The hackers responsible for the leak gained access by phishing from Target’s HVAC contractor. After gaining access through a vendor account, the hackers were able to install malware to collect info through remote system access.
After the breach, Target was forced to re-evaluate its supply chain systems. Also, this situation cost the company close to $67 million in compensation and damages. The Target incident stands out as one of the costliest supply chain security breaches in history. Ultimately, the blame falls on an insecure supply chain system that was easily exploitable.
Like piracy, there are some security incidents that you cannot plan for. However, companies can still take steps to ensure that their systems are as secure and safe as possible.
Preventive measures for physical security use both high and low-tech solutions. Using RFID tags and serial numbers for products can help track exactly where they’re from. This indicates if merchandise is meant for a particular location or even counterfeit. Another effective security measure targets employees involved in the supply chain itself. A 2012 survey found that company employees were responsible for ⅓ of company shrinkage. Although vetting employees through the interview process is a step in preventing breaches, it is not enough to prevent theft. Using new tech in the workplace such as surveillance cameras and automated vending machines can help to mitigate the impact of security risks, regardless of their size.
One major prevention step is for companies to secure access to digital systems and encrypt valuable data. Encrypting data, with 128-bit SSL encryption for example, and limiting user permissions can help restrict data access. Also, it can protect info in the event that a breach does occur. Using this type of system limits potential incidents and allows companies to respond quickly if anything happens. This article is not an exhaustive review of supply chain security systems. However, it does provide links to resources that outline strategies to help reduce shrinkage and improve a supply chain security.