The Journey of Securing a Long-Tail Supply Chain

Supply chains often are long and complex, and as organizations rely more and more on data to drive their businesses, digital supply chains continue to grow. And as the supply chains continue to grow, so do expectations and risks.

To increase profits, many organizations rely on outsourcing to a supply chain partner, which leads to an extended, long-tail value chain. When agreeing to a digital supply chain partner, there are two important factors to consider: the ability to trust your partner’s security protocol and the consideration of any risks that could result from outsourcing through multiple parties. When agreeing to work together, you expect good practices and implied trustworthiness, but how do you know for certain that the digital supply chain partner is cyber-aware and can be trusted? Malicious actors can be crawling around anywhere, including your partner’s network or further down the supply chain tail. What happens if someone, somewhere on your “trusted” chain has a malware attack due to their poor cyber hygiene and you lose a critical component of your business? To prevent a catastrophic event, you must build a strong, trusted and defensive supply chain to ensure all electronic files arrive safely at their destination from their point of origin.

Real trust amongst the supply chain is dependent on several things. First off, make sure that you have visibility into your partner’s security protocols so you can influence those protocols as much as possible, guaranteeing you and your business are as safe as possible. In addition, investing in leading-edge technologies that put the most effective protective barriers between you and your partners, while not getting in the way of business, provides the best security. There are cybersecurity standards, such as Domain-based Message Authentication, Reporting & Conformance (DMARC), an email authentication protocol, and technologies on the market that stop all sorts of malicious threats, both of which monitor and secure who and what is entering your network. These are just two of the many ways you can ensure your chain is as secure as possible.

At the same time, while defending against cyber-risks, you must be cautious of some of the security protocols you follow and technologies you invest in to prevent potential operational risks. For example, risky files will be stopped, but so will a lot of other trusted emails, which then impacts the normal course of business, slows productivity and leads to inefficient operations.

Today’s businesses require a much higher pace of operations, making these types of disruptions unacceptable. We recommend investing in leading-edge technology such as content disarm and reconstruction (CDR), which, rather than attempting to identify and block suspicious attachments, regenerates clean, secure files and passes them on.

Taking this a step further, extended value chains can include fourth or even fifth parties, making the document’s journey much longer. A company may receive an infected invoice from a third party but use a fourth party to pay the bill, sending the infected file along and infecting all systems the malware touches. But for those with file regeneration technologies in place, the chain is immediately broken.

Another important aspect of long-tail value chains is ensuring you aren’t patient zero. Ensuring the integrity of your outbound files is as important as defending yourself from those that come in. Given the number of cyberthreats, organizations should be taking a hard look at technologies and partners that enforce a standard of compliance to both outbound and inbound files. Diligent policy-setting will always be important, but combining it with the right technology and a deliberate and constant focus on outcomes will provide far greater assurance that all organizations across the business ecosystem stay safe.

Greg Sim

Greg Sim, CEO, is an entrepreneur and investor with a successful track record of fundraising and strategy realization. Throughout his career he has successfully founded and sold a number of businesses. Greg founded Hanson & Robertson Life and Pensions Ltd in 1987. Subsequently he founded Kudos Financial Services in 1991, which he built into a top 100 UK independent financial advisory company before selling it to management in April 2000. Later that year, with the backing of FTSE 100 company Scottish & Southern Energy plc, he founded Simple2 Ltd., an application service business for the professional employee benefit market. He sold the business back to them in 2005.
