Are Supply Chains Taking IT Security Seriously Enough?

The IRS, the CIA, Sony Pictures, TalkTalk, Kaspersky – what do all of these organisations have in common?

If you said that they have all been victims of cyber attacks during 2015, you would be right. With each high-profile incident, the profile of IT security and cyber crime is raised further.

For procurement and supply chain, this is something that needs to be considered, but is it being taken seriously enough?

Supply Chain Security

A recent poll carried out at IP Expo Europe by cyber security firm Tripwire revealed a startling statistic when it came to IT security. Nearly a fifth of respondents to the poll said they would be prepared to use IT suppliers who do not meet their IT security standards.

Additionally, nearly half of the respondents (47 per cent) admitted that they currently do not carry out audits before working with suppliers, although 23 per cent did say they were planning on introducing this in the near future.

This is not a new issue, as this 2013 article highlights. So why, in 2015, are so many organisations not taking this issue seriously? With brand, reputation and share price at risk, not to mention potential regulatory fines, what should organisations be doing?

As simple as it seems?

While these statistics do not exactly paint a rosy picture, the truth is that the reality is not as simple as it might seem. One of the victims of a hack this year was Kaspersky, an Internet security and anti-virus software organisation.

Symantec, a global provider of Cloud, mobile and virtual security, was held to account by Google this month for issuing fake security certificates for websites. These certificates could be used to intercept and subvert SSL/TLS-protected traffic, which underpins e-commerce, banking, government and other important services.

Following two audits, Symantec has uncovered an incredible 2458 certificates for unregistered domain names, and Google has demanded an explanation and resolution to the issue.

Even the US Senate, taking action to pass a version of the Cybersecurity Information Act (CISA) that allows companies to share any and all information about their user base with the Department of Homeland Security, has come in for criticism.

John McAfee, founder of the IT security and anti-virus software company that bears his name, points out that while this Act helps the cyber security fight within the US, it doesn’t help with attacks from foreign soil, where the majority of the US hacks in 2015 are believed to have originated.

What’s to be done?

If you weren’t already aware, the UK Government released new training in June this year to help procurement professionals stay safe online. The training is free and can be accessed via CIPS.

The Chartered Management Institute has also offered these tips to business leaders, which can be implemented in every organisation:

  • Understand the potential threats – review any internal and external vulnerabilities in business web systems, such as any easy entry points for hackers
  • Integrate cyber security policy within corporate culture – security policies must permeate every process and decision within a company. This includes audits of suppliers.
  • Practise an incident response plan – have a ‘go-to’ plan of action for responding to a cyber incident

Good IT security comes down to good education, not only of employees, but also of stakeholders and suppliers, as well as good communication. Equally, one of the best ways to beat the cyber threat is by collaboration – with governments, regulators and even rival companies.

If organisations put their differences to one side and work together, there may be light at the end of the tunnel yet.

We’ll leave the last word to Jeh Johnson, the United States Secretary of Homeland Security – “Cyber security is a shared responsibility and it boils down to this: in cyber security, the more systems we secure, the safer we all are.”

Do you work in IT procurement? Do you have any good tips that you could share with your fellow professionals? Let Procurious know and we can spread the word.

We’ve scoured our sources to come up with the key headlines in procurement and supply chain this week…enjoy!

Boerum Showcases Supply Chain Transparency

  • Boerum Apparel, a clothing company based in Brooklyn, has released a sweatshirt which shows off its entire supply chain
  • Each garment’s journey from plant or animal to the finished product is written on its label, and includes where the raw materials were sourced and where it was turned into a sweater
  • The organisation is working hard on its “radical transparency” programme, and hopes that it will lead others to follow suit
  • You can get more information by searching for the Twitter hashtag #knowyoursources


Toyota Breaks with Supply Chain Tradition

  • Japanese car manufacturer Toyota launched its new Corolla model this year, but departed from its traditional supply chain process of keiretsu
  • For the first time, Toyota chose to source a key component, a crash prevention system, from the German manufacturer AG Continental, rather than a Japanese-based firm
  • The decision is regarded as a symbol of Japan’s automotive suppliers falling behind the rest of the world when it comes to cutting-edge technology
  • Toyota plans to keep its keiretsu, but wants suppliers to be more globally successful and spend more on technological development

Read more at the Wall Street Journal

Living Wage on the Rise

  • The voluntary living wage in the UK is set to rise by 40 pence, from £7.85 to £8.25 per hour in London
  • The rise is set to be officially announced this week, with organisations having six months to implement the changes
  • The move follows a report from KPMG that claimed almost six million workers in the UK were paid less than the living wage
  • In the last Budget the UK government announced a new compulsory National Living Wage that will come into force from April 2016, starting at £7.20 per hour

Read more at The BBC

Volvo to Test ‘Kangaroo Avoidance’ Technology

  • Around 20,000 kangaroo collisions are reported on Australian roads each year
  • Volvo conducted a trial in Canberra last week aimed at adapting and using existing technology to help avoid the creatures on the nation’s roads
  • The technology uses radar and cameras to sense kangaroos along the road ahead and automatically brake as necessary
  • The technology has been used in the past for cows, moose and reindeer, but requires calibration due to kangaroos’ more erratic behaviour

More at The Verge