business vulnerability Archives

Disruptions in the supply chain can ripple throughout entire industries. As the world becomes more interconnected, these threats become increasingly worrisome, with widespread issues throughout the COVID-19 pandemic highlighting their severity.

Supply chain attacks rose by 42% in Q1 2021 in the U.S. alone, impacting 7 million people. In light of these rising threats, supply chain security is more important than ever. Here are seven pointers for improving safety.

1. Restrict Access Privileges

One of the primary drivers behind rising supply chain attacks is these networks’ wealth of valuable data. Logistics organizations have gone digital and now generate and store vast amounts of information that cybercriminals can steal or hold for ransom. Restricting access privileges can help mitigate these threats.

The more people have access to a system or database, the more potential entry points there are for cybercriminals. Supply chains can eliminate these vulnerabilities by restricting who can see or interact with which systems. A good practice to follow is the least privilege principle: Only those who absolutely need given data to perform their duties can access it.

Tighter access privileges should pair with thorough authentication measures. Users must verify their identity through multifactor authentication (MFA) before accessing anything they’re authorized to.

2. Verify Third Parties’ Security

Third-party actors are another common vulnerability among supply chains. As an example of how pressing this issue is, the now-infamous SolarWinds hack, the biggest cyberattack of 2020, came from a third party. Hackers gained access to thousands of businesses and agencies by infiltrating SolarWinds, a third-party service they all used.

Supply chains must verify the security of any third party before doing business with them. That can mean asking for proof of security measures, only partnering with certified organizations or auditing third parties’ security through independent specialists.

Organizations should also apply the principle of least privilege here. Third parties should only have access to the systems and data they need and nothing more. That way, a breach on their end will cause minimal damage.

3. Secure All IoT Devices

Many have unknowingly created new vulnerabilities as supply chains have embraced new technologies. The widespread use of Internet of Things (IoT) devices to track inventories and shipments can put supply chains at risk. While these gadgets are extraordinarily helpful, they’re notoriously risky if companies don’t secure them properly.

A seemingly innocuous IoT device can act as a gateway to more sensitive systems and data on the same network. Thankfully, the steps to mitigate this threat are relatively straightforward. First, supply chains should host IoT devices on separate networks from other systems so hackers can’t access more sensitive data through them.

Next, supply chains must encrypt all IoT communications to secure their data transmissions. Encryption is often disabled by default, so this step is easy to overlook. Enabling automatic updates will help keep these devices secure, too.

4. Equip Workers Appropriately

While cyber threats may be the most pressing aspect of supply chain security, organizations shouldn’t neglect physical security, either. Piracy, physical theft and similar crimes are still relevant dangers. Supply chains can protect against these by hiring security staff and equipping them appropriately.

New padding technologies can consist of 0.01% solid material but still provide sufficient protection. Equipment like that will help security workers stay safe while not restricting their comfort or range of motion. Other tools like metal detectors, flashlights and ID scanners can further provide these employees with the utmost protection.

Equipping drivers and other supply chain workers with emergency resources is crucial, too. Radios, medical kits, rations and similar supplies should be standard in trucks, ships and other vehicles.

5. Improve Supply Chain Transparency

Supply chains can improve physical and digital security by increasing transparency. The more an organization can see about its operations, the faster it can respond to any incoming threats.

IoT security systems can let workers monitor cameras from their phones, giving quick access to security information. Similarly, organizations can employ smart sensors to monitor for break-ins, fires, leaks and other threats to alert employees when a situation arises. When companies learn of these risks faster, they can respond more effectively.

Similarly, network monitoring tools can give IT teams insight into potential data breaches. Artificial intelligence (AI) systems can continuously monitor for suspicious activity, alerting workers when there’s a possible cybercrime attempt.

6. Train Employees in Security Best Practices

No matter what other security steps an organization takes, employees must be taught about them. All it takes is one misstep from a worker to jeopardize a supply chain’s security, regardless of how strong its other defenses are. For this reason, as many as 85% of data breaches result from human error.

Every employee should receive security training covering relevant risks, best practices and emergency procedures. It’s important to stress why these methods are important so workers understand the gravity of their actions in some situations.

In addition to initial security training sessions, supply chain organizations should host regular refresher training. That way, proper procedures will remain fresh in employees’ minds, preventing mistakes related to them forgetting best practices.

7. Create an Incident Response Plan

Supply chains must understand that no defense system is perfect. Disruptions in this industry are too risky, and it’s likely they will someday experience an emergency. They should create a formal incident response plan to enable quick, effective action should an unexpected event occur.

More than half of all companies have experienced downtime that’s lasted eight hours or more in the past five years. Supply chains can prevent this through a disaster recovery plan. What this looks like will vary among organizations, but it should include backup resources, communication strategies, specific protocols for each department and contingency plans.

Supply chains don’t need to prepare for every emergency but should determine which events are the most likely or potentially destructive. These incidents deserve formal, detailed response plans, which all employees should know. To ensure ongoing efficacy, organizations should periodically review and update these plans.

Supply Chain Security Is Essential

If a supply chain experiences a security breach, it could affect far more than the logistics company itself. That risk, coupled with the rising trend of supply chain attacks, makes these security steps essential.

These seven points are not a comprehensive list of security procedures but cover the most important factors. Supply chain organizations should ensure they consider these steps and take further action if necessary.

As prolonged drought, heat, other climate factors, and population growth trends intensify wildfire risks in the Western U.S., parts of Australia, Europe, South America, Africa and several other industrialized areas of the world, many governments have expanded their precautions to reduce the likelihood or severity of these devastating events, including massive temporary electrical power shutdowns and large-scale evacuations of at-risk residential populations.

The combination of actual wildfires and government preventative measures have made it critical for businesses with operations, suppliers and customers in vulnerable areas to develop comprehensive plans to prepare for and manage power outages and operational shutdowns that can be implemented safely and quickly – especially during seasonal periods when wildfire risks are most severe.

From developing, adjusting and testing a business continuity plan to preparing for and evaluating the impact of potential wildfires, related government-mandated power outages, evacuations and highway closures, business leaders and managers need to assess their potential vulnerabilities to wildfire risk and develop and implement appropriate measures to mitigate them.

Accordingly, here are 10 steps for managing exposures related to wildfires. Note that many of these measures apply to areas where scheduled power outages may occur, but facilities may continue to be occupied and can be operational using alternative or back-up power sources.

1. Review and update your company’s emergency plan. This includes developing any contingencies that might need to be added to account for the evacuation or residential areas where employees with emergency responsibilities may be located. Ensure that personnel with assigned responsibilities will be able to get to the facility in the event of a power outage. Plan for the possibility that some employees with emergency duties may reside in areas being evacuated and won’t be available for work. If possible, choose back-ups who reside in different areas. Double-check that your communication plan is established and that you have up-to-date call trees so employees can be contacted on a timely basis when emergency situations arise.

2. Assess power-down procedures. Make sure they are up to date with respect to any new equipment or recent facility expansions or modifications. At the same time, be sure your managers understand the steps for restoring your plant or facility to full operation once power is restored.

3. Check emergency power resources. Start by testing and securing any generators available. In addition, make sure your company has adequate fuel to withstand multiple power outages within certain time periods.

4. Evaluate lighting and equipment. Ensure emergency lighting is operational and that computer systems are backed up and current. During periods of high wildfire threats, such as during extended drought conditions, employees with laptops should be instructed to back-up data on a daily basis and make sure they are fully up to date in the event they need to work off-site for extended periods. In the event of an outage, make sure desktop computers, mainframes, servers, and other critical electrical equipment is switched off, so it will not be adversely impacted when the power is restored. If the facility is to be vacated and time permits, consider removing valuable equipment.

5. Check perishable products and vulnerable inventory. Consider offsite warehousing for any products that may be affected by the loss of temperature or humidity controls. Alternatively, consider using reefer trucks and/or dry ice for maintaining appropriate temperature control to protect inventory and equipment during an outage.

6. Revisit facility security measures. Make sure all doors and windows are secure and consider restricting access to the entire property through the use of perimeter fencing. Keep in mind standard security alarm and access control systems may not be functioning in the event of power outages.

7. Request assistance from law enforcement. Notify local police authorities to request additional patrols and increase internal security rounds (as installed CCTV systems may be inoperable during any power outages that result from mandated, preventive shutdowns or those arising from the spread of wildfires).

8. Establish planned fire watches. Whether for preventive purposes or as a result of damage related to wildfires, any electrical power outage may result in impaired fire protection systems. As practical, businesses should designate a safety team member to conduct an ongoing fire watch during any area of power outages to spot signs of potential exposures as well as other system impairments. In areas where wildfires may be expanding, personnel should also continually monitor the news media for civil instructions regarding potential evacuations.

9. Consider options for reporting fires. Designate a safety, maintenance, security or operations team member to contact the local fire department in the event of a fire as a fire alarm system, transmission and notification may be interrupted during any electrical power outage.

10. Check premises for fire hazards. Trim foliage on property and evaluate risks of any combustibles on premises, including any being stored away from the building; if appropriate, consider relocating to indoors or other locations to minimize potential fire hazards. Eliminate any hot work or hazardous operations.

During the past several months, wildfires in various areas of the world have resulted in the loss of life, devastation of wildlife, caused several billions of dollars in damage and had a significant impact on business and industry. By taking steps to prepare for these exposures, businesses can help reduce their risks and speed their recoveries from these perils.

________________________________________________________________

Jeff Borre, a director in Aon’s Property Risk Control Practice, manages the firm’s Field Services group, which provides a wide range of consulting services, including property risk control site surveys, to meet the property risk management needs of commercial and public sector clients. He joined Aon in 2001, after serving with Ahern Fire Protection and Nexus Technical Services Corporation where his responsibilities included designing fire protection systems. He earned a bachelor’s degree in civil engineering from Southern Illinois University-Edwardsville and holds the Associate in Risk Management (ARM) designation. A Professional Engineer (PE) licensed in Illinois and Wisconsin, he is a member of the National Fire Protection Association, Society of Fire Protection Engineers, American Society of Safety Professionals, and American Society of Civil Engineers. He can be reached at jeff.borre@aon.com.

Christian Ford, a managing director of Aon, serves as chief operating officer – Property Claims Advocacy within Aon’s Global Risk Consulting group. In addition to various leadership responsibilities for the group, he works directly with numerous clients on complex property claims advocacy and resolution. Earlier in his career, Ford served as a multi-line claims adjuster at two large commercial insurance companies. He earned a B.S. degree in business administration from John Carroll University and also holds the Senior Claim Law Associate (SCLA) designation. He can be reached at christian.ford@aon.com.

Improving Security Along Your Supply Chain: 7 Pointers