Really knowing your supply base – and the information that suppliers hold about your organisation – is vital if you are to mitigate risk, says David J Ward
Technology has enabled greater efficiency from supply bases, having evolved into a world where data analytics and AI have revolutionised the way we manage suppliers and deliver value to our customers.
However, technology has a darker side: it has opened up whole new areas of risk. At home these risks might be about how safe our money or our families are online, but at work they present themselves differently. If risk management strategies were complex before, their complexity has increased exponentially since the internet began to dominate our lives.
As procurement and supply chain professionals, we need to take our role as custodians of external supplier relationships a step further. We must be guardians of our company’s reputation, products, intellectual property and data. We need to ensure we are monitoring the cyber-risk profile of our supply chains to detect data breaches – and be ready with corrective actions.
Almost all your suppliers will have digital connectivity with your company. They transact with you online, talk to you via email and get paid through an electronic system. All of these routes are open to infiltration by cybercriminals.
The dark web is a bit of a misnomer. There isn’t a separate internet, just servers supporting URLs that can’t be seen by conventional search engines. They exist in the same space, but are uncharted. The deep web simply contains data that doesn’t show up when you look for it. “Most of what exists in the deep web is not dangerous, but can be misused by those with malicious intent,” says Interpol.
But hidden in the deep web is what’s known as the dark web. Encrypted and anonymous, this is where the criminal activity takes place.
Here are three ways the uncharted web can compromise your company via the supply base:
1. Products
Selling stolen or counterfeit products is a key activity of cybercriminals. Liaisons are carried out in the deep web and transactions can then be carried out, seemingly innocently, in plain sight on legitimate sites like eBay.
If your supply base is responsible for any part of managing your product – manufacturing, packaging or transportation – cybercriminals will have access to it. They will know where it is, where it is going and how to intercept it.
2. Intellectual property
Most IP is surprisingly freely shared between a company and its suppliers. It has huge value if sold to the highest bidder, and it also carries risk such as exposing confidential projects or business arrangements. With access to your systems – sometimes with as little as an email address – hackers and cybercriminals can trawl your networks looking for IP. That blueprint for a new microchip will be wide open to theft.
3. Data
This is the easiest thing to lose: email addresses, passwords, credit card details… With just small elements of this data, criminals can deduce passwords, create hacking strategies and gain access to sensitive information, which they can then sell to the highest bidder.
While you can’t mitigate risk entirely, you can be more in control. Deep-web monitoring tools can detect and monitor what information from your company is being trafficked on the uncharted web. Such tools can see if information is being leaked from your suppliers and produce a dashboard showing you where leaks are occurring.
They can also be used in sourcing evaluation to see if certain suppliers are more susceptible to cyber security issues. If a potential supplier has too much deep-web traffic, you might decide it is just too risky.
Such technology should not just be used to manage what you already manage; it should shift your view of risk management. It can reshape how you work with internal stakeholders and suppliers to produce a technology-enabled, collaborative approach to a global threat.
David J Ward is a supply base management expert with an interest in technology and disruptive curiosity. He runs Avidus Partners.