A chain is only as strong as its weakest link. Therefore, small businesses need to solidify every aspect of their supply chain. Over the years, you will likely have heard of many supply chain breaches caused by third-party organisations. Examples include the SolarWinds breach and the Colonial Pipeline hack. Before we dive into what you can do as a small business, let’s clarify what supply chain security is.
What is supply chain security?
The scope of supply chain security stretches far and wide. For this reason, there is no single, true definition. For the most part, we can include everything from physical to cyber threats, whether we are dealing with transactions or enhancing our system security. According to SOCRadar (2022), supply chain attacks increased 62% in 2022, particularly within cyberspace. Therefore, this article will focus on the digital aspect of supply chain security.
Why does supply chain security matter?
Efficiency is the name of the game when it comes to businesses and their supply chains. The sudden uptick in attacks can be directly attributed to neglect as a result of favouring speed over safety. Businesses often look for the quickest answer to their problem instead of following the correct procedure in terms of compliance and safety. A good benchmark you can consider is ISO 28000. Although you may be too limited in resources to truly achieve this level of security, it can be used as an indication of where you would want to be one day. ISO 28000 deals specifically with supply chain security risks and is considered the international standard for many organisations.
Examples of supply chain attacks
2019: The City of Johannesburg was the victim of both a ransomware attack against the electricity utility and a network breach that led to the banking sector being targeted by Distributed Denial of Service (DDoS) attacks. The COVID-19 pandemic also caused a significant surge in these types of cyber-attacks.
2021: Transnet was the victim of a cyber-attack on 22 July 2021. Logistics companies are still feeling the burn almost three years later. During the attack, Durban Port was operating at 10% of its capacity, which led to serious economic setbacks for both the country and, in turn, the businesses that keep its wheels turning. Trucks queued for hours outside harbours to offload or collect their cargo.
2021: The Colonial Pipeline, which feeds oil to integral parts of the United States’ East Coast, was the victim of a ransomware attack that ended up being declared a national security threat. The Colonial Pipeline is one of the largest and most important oil pipelines in the United States and stretches for almost 9000 km. Many businesses were directly impacted by this hack.
What can you do as a small business to protect yourself?
Your primary focus as a small business is to minimise supply chain risks from externally developed software and to secure any organisational data accessed by another business. By ensuring that you have sufficient measures in place to protect yourself, you can mitigate many potential attacks you may face. With a comprehensive risk management strategy in place, you can guide your business to identify potential threats or issues or, in the worst case, mitigate an actual breach. The answer is unique to each organisation and requires a tailored approach.
A supply chain security checklist
Below is a list adapted from Wright and Lewis (2022) that you can use to kickstart supply chain security management within your business.
- Implement locks as well as tamper-evident seals when shipping.
- Use accredited or certified suppliers.
- Require background checks for employees.
- Make use of permission-based or zero-trust principles.
- Implement cyber security best practices within your organisation.
- Conduct regular cyber awareness training with your staff.
- Regularly audit open source and vendor code.
- Restrict the access of third-party software.
- Have a response plan in the event of a discovered threat.
- Speak to experts about your supply chain security.
Supply chain security is growing in prominence and runs through every aspect of business these days. Many South African organisations have felt the impact of supply chain disruptions, whether it be Eskom’s rolling blackouts or Transnet’s truck backups at the harbours. By implementing just a few of the above-mentioned principles, you can give your business the edge it needs to focus on what you do best.