Look no further than the supply chain of connected businesses across industries from retail to motor manufacturing to oil and gas. You’ll see businesses large and small working together, sharing information, advice and data, to get a bigger job done. Collaboration is king.
But in today’s connected economy, the benefits of supply chains are counterbalanced by new risks. Cyber-hackers – some with mythical or mysterious sounding names like Yeti or Energetic Bear – increasingly target what they see as the weak link in a supply chain. They trick employees into making fraudulent wire transfers, steal and corrupt confidential information or simply disrupt the operations of multiple businesses.
Data Breaches Are On The Rise
Research conducted by international business consultancy, PwC, for the UK government found that 74% of small businesses reported a security breach in 2015, up 60% from 2014. Compared to 90% of large organisations who reported a breach, up 80% from 2014. It’s not just the number of security breaches which have increased, the scale and cost nearly doubled in 2015 with £75k – £311k being the average cost to a small business of the worst breach. 11% of respondents even changed the nature of their business as a result of their worst breach.
Suppliers Need To Be More Aware & Secure
Nearly one in every five cyber-attacks began with a business partner’s security being hacked and data being stolen. For example, US company Target itself became a target via one of its suppliers in 2014. Early last year, TalkTalk ended up going to the courts to seek compensation from a supplier who was hacked, exposing TalkTalk customer account details.
Tony Anscombe, Senior Security Evangelist at AVG Business, a worldwide provider of security solutions, offers some important guidance: “I would urge all businesses to ensure their suppliers are taking security seriously. Hackers can find their way into big brands via small company suppliers where security may be weaker, so it’s important to state in service level agreements that the right levels of security must be in place and what those levels are. Suppliers – for their own sake as much as their customers’ – need to be doubly certain they have the right security measures in place before they connect to any customer systems, onsite or remotely.”
There’s a rising trend for using Cloud computing and storage, portable devices and social media for all manner of business transactions and service delivery. While these tools certainly allow employees and suppliers to collaborate with each other in more flexible ways, they do present additional points of entry for hackers to exploit.
Review and refresh your security, then ask your suppliers to do the same and confirm the results to you. It might also be worthwhile updating your supplier contracts to include clauses which relate to the security standards, policies and procedures you expect them to meet or have in place.
Simple Steps To Better Security
When it comes to computers, take a leaf out of the FBI’s book:
- Keep your firewalls turned on.
- Install or update your antivirus software.
- Keep your operating systems up to date.
- Be careful what you download.
- Turn off your computer!
That advice works hand in hand with the UK Government’s broader 10 Steps to Cyber Security. Expecting a supplier to follow these steps could form part of your formal contract with them, and as Ed Vaizey, the UK’s Minister of State for Culture and the Digital Economy, says: “If you use these basic technical controls, you can protect yourself against the most common cyber attacks. All businesses and organisations should adopt the scheme as a vital first step – no ifs or buts.”
Make Your Business Less Attractive To A Hacker
Reversing the rise of hacking attempts may not be possible, but reviewing your own data security and asking suppliers to do the same is doable. Simple steps and small changes can make a big difference.