Today’s supply chains are increasingly efficient, yet they also present substantial new levels of risk. Whereas supply chain managers of the past were most often concerned with price volatility, shortages and supplier failures, the globally-connected nature of today’s supply chain also makes it highly vulnerable to both physical and digital threats.
Since global organizations can support operations with partners in countries with varying infrastructure reliability, incident response plans are often siloed. This lack of continuity has made streamlining communications a severe and sometimes impossible challenge to overcome.
In an era when real-time transfer of information between international stakeholders is critical to the success or failure of many businesses, secure and streamlined communications are the most important, and the most frequently overlooked, component of an incident response plan.
Connectivity and Global Reach of Supply Chains: A Weak Link in Times of Disaster
SCM World’s 2017 Future of Supply Chain survey found that respondents are “very concerned” about data security, natural disaster and war. As mass-connectivity and improvements in transportation have made it easier than ever to source partners, most businesses now have touchpoints across the global supply chain, regardless of their location or the markets they serve. Connectivity has brought tremendous financial, productivity and efficiency benefits. However, it has also created a dependence on a globally-connected, real-time communication system, and fears of disruption are proliferating among manufacturers that are moving closer to adopting just-in-time supply chains. What might start as a little ripple in a supplier country on the other side of the globe can turn into a wave of failure by the time issues reach a production facility.
In addition to natural disasters, cybersecurity is now a major concern. The frequency of partnerships with third-party cloud services and off-premises data storage providers, unauthorized mobile device usage, email phishing and aging infrastructure are all boosting risk. It’s even a growing threat for the federal government. Security rating company Bitsight recently reported that one in five users within tech, defense and aerospace contractors use outdated browsers that make them vulnerable to malware. In addition, the analyst firm IDC estimates that enterprises will spend more than $97 billion on risk management technology and services this year, a seven percent increase since 2015.
The Insecurity of Supply Chain Communications During & Post Crisis
One of the most important aspects of contending with and recovering from a natural or cyber disaster is communication. When a fire, earthquake, hurricane or cyberattack strikes a critical point in the supply chain, stakeholders need a reliable and secure channel to send time-sensitive information regardless of geographic, device and infrastructure constraints. Stakeholders are often tempted to communicate by any means necessary, but many of these traditional communication channels carry risks.
Perhaps the most widely used communications medium, email, is inherently subject to network connectivity, response delays and security threats. A survey from cybersecurity company Proofpoint found 77 percent of businesses expect to fall victim to email fraud in the next 12 months. Three-quarters also said that they have experienced at least one targeted email fraud attack, while nearly half said they were targeted by multiple attempts in the past two years. A report from Cofense also revealed that more than 90 percent of data breaches can be traced back to an email-based phishing attack. While email might be one of the easiest ways to communicate, it is for a variety of reasons one of the most insecure.
In response to email risks, many organizations have started to utilize SMS texting as part of their crisis communications. SMS texts are reliant on cellular infrastructure, which varies from country to country and is all too often unreliable when it is needed the most. Additionally, SMS texts do not offer an easily retrievable record of communications, which is essential for event analysis after incident remediation. SMS texts are also not secure, and therefore not immune to modern cyber threats such as man-in-the-middle attacks or the uptick seen in SMS text phishing, or “smishing”, a spoofing technique that enables adversaries to disrupt, compromise or hijack text messages.
Secure Messaging Brings Efficiency to Supply Chain Crisis Communications
Managing a crisis situation is already challenging enough, let alone having to work around vulnerable and inefficient communication channels. Whether it’s a manufacturer communicating with a supplier in a disaster area or a facility operator trying to notify an international office of a cyberattack outside of the network, secure and efficient communications are critical. The first step in validating an incident response comms plan is to ensure you have a secure and streamlined channel of communication that offers instant responses, can retain messages and works with or without an active cellular network. In recent years, many organizations have looked to ephemeral communications as a proven solution to mitigate risk by taking communications outside of their most vulnerable locations – email and SMS text. Secure messaging platforms eliminate the threat from outside senders because they use end-to-end encryption in which only approved senders can participate.
What’s also exclusive to enterprise-scale secure messaging platforms is that the sender maintains complete control of the conversation, the data and its use at all times, preventing unintentional sharing, data theft and propagation of information. Further, unlike native SMS texting or email, secure messaging ensures all messages are captured and archived to the organization’s repository of record for compliance purposes and processes, while removing texts from sender and recipient devices. During an incident, secure messaging allows for rapid notifications, response and recovery communications to meet corporate operating procedures, without worry of third-party surveillance or leaks, keeping the organization in control of the narrative of the event with one source of truth.
No entity within the global supply chain can prevent natural disasters and mass cyber incidents. However, each does have control over its response and the narrative that gets disseminated. Establishing a secure and compliant communication infrastructure through an enterprise-grade secure messaging platform can mitigate many risks and help restore order before too much time and money is lost, or reputation is harmed for good.
With more than 25 years of industry experience in information management, compliance, eDiscovery and information governance, Kristi Perdue Hinkle has focused her career on helping technology companies create, launch and strengthen their brand, go-to-market, content marketing and lead generation strategies to drive market awareness, brand growth and revenue. Regarded as a subject matter expert on information governance, she speaks and writes on the topic regularly as the Chief Marketing Officer of Vaporstream.
Originally posted on Supply & Demand Chain Executive on July 13, 2018 by Kristi Perdue Hinkle.
*** This is a Security Bloggers Network syndicated blog from Vaporstream authored by Tali. Read the original post at: https://www.vaporstream.com/blog/incident-response-supply-chain/