Procurement professionals must be prepared to take basic steps to mitigate e-crime threats, delegates at a Fellows of the Future event heard.
Andrew Beckett, head of Cyber Defence Services at Cassidian Airbus Defence and Space UK, said businesses are now at risk from a wide range of attackers using a variety of techniques. These include advance fee fraud – where victims are targeted to make upfront payments for goods that don’t materialise – and malware houses, which sell custom-made malicious software. A total of 81 per cent of large corporations and 60 per cent of small businesses reported a breach of their cyber systems in 2013, according to the Department for Business, Innovation and Skills’ Information Security Breaches Survey 2014.
Beckett said procurement professionals and their boards must ensure risk appetite and tolerance levels are set, and the potential impact of a major cyber breach on the business’ reputation and brand is understood.
Businesses should also be aware of the impact of short and medium-term disruption to online services. Today, businesses need a cyber incident response plan that identifies individuals authorised to take decisions.
“Once you’ve done this for your business, ensure it is happening in your supply chain,” Beckett added, pointing out that many organisations address their own security but fail to recognise weak links posed by the supply chain.