Security risks in the supply chain

The use of Internet of Things (IoT) technologies enables retailers and manufacturers to better track their products from the beginning of the manufacturing process at their source vendors all the way through delivery to the end customers. It can alert the retailer and manufacturer of discrepancies as they happen, saving them from discovery by the retailer or customer after delivery, says Dan Mitchell, director of the Global Retail Practice at SAS.

There's no doubt that the IoT has had a profound effect on the supply chain, adds David Hood, ‎director, Technology Marketing, with Mimecast, as the ability to harness data points and apply Big Data technologies makes companies far more responsive and adaptable to shifting demand. "Collaboration inter-company has never been easier with platforms that promote sharing information, documents and key data. The challenge is doing so while still being cognizant of the security and data risks that exist."

Technologies Used in the Supply Chain: RFID

RFID tags have quickly become a big part of the supply chain for tracking inventory, according to Jim Dempsey, Panasonic Mobility's enterprise business development manager. "From the store perspective, RFID tags track inventory and can alert managers on the front end when inventory is running low so they can alert supply chain managers to ship additional inventory," he says.

Technologies Used in the Supply Chain: Mobile

Although the supply chain has been utilizing mobile devices for several decades, today's advanced devices, ubiquitous mobile broadband and fully integrated business-class applications are streamlining pick-up and delivery, route management and field sales, says Kevin Beasley, CIO at VAI. "Using today's affordable and user-friendly mobile devices, businesses can track current inventory levels and push sales offers to field personnel in real time, so that the customer is not only receiving personalized service but also special offers instantly."

Technologies Used in the Supply Chain: GPS

"With improved GPS accuracy, advances in temperature sensing, and product serialization (authenticity), professionals can get a better understanding of the health of their supply chain — as it's happening in real time," says Rob Cheng, head of growth at Elementum. "This translates to fewer stockouts, shorter wait times, increased quality of goods, and ultimately higher customer satisfaction."

Supply Chain Security Risk: Phishing and Whaling

Mining capabilities have become very sophisticated, Beasley points out, and this has brought an increase of phishing and whaling attempts within the supply chain. This includes attempts to acquire usernames, passwords and credit card details, and sometimes money, by masquerading as a trustworthy person in an electronic communication. "Companies should be aware of supply chain impersonation and should carefully monitor email, know who email is truly coming from, and understand there are wire transfer risks," says Beasley.

Supply Chain Security Risk: Compromised Data

Michael Lucas, Chairman of i3 Brands, uses the example of compromised pharmaceutical data, but all intellectual property is at similar risk.

"Pharmaceutical data is comprised and locations and access to source ingredients for essential treatments (vaccines, opiates, etc.) could potentially be stolen," Lucas says. "Once a company loses access to the ingredients of a highly sought after drug, it could have ripple effects throughout the supply chain that could inflict serious harm on the consumer."

One potential solution is for manufacturers to work in coordination with governments to implement stronger collaborative security measures across the secure supply chain, including a mutual exchange of information about potential external threats.

Supply Chain Security Risk: Lack of Encryption

Because this is highly sensitive data, it can be a big target. Most companies don't have the time and resources to properly secure it, while making sure their business users have the tools they need to be successful, explains Brady Cale, VP of Engineering at Taulia. "Companies shouldn't feel the need to take on all the responsibility for protecting against this on their own, but rather partner with organizations that are employing the top standards to keep their data safe and secure at all times," he says. "At Taulia, we do this by encrypting all data to the latest standards (AES 256) at rest and in transit. We have user-level authentication/access controls and functionality to ensure the user can only see information that is within their scope."

Supply Chain Security Risk: Third Parties

Collaboration within the supply chain helps to drive productivity and improve on innovation. But third parties are a huge risk because a security incident on their end could end up affecting your supply chain. "The IoT is a big productivity-enhancing next step, but with the expanded interoperability comes expanded exposure to email-borne threats and attacks," says Mimecast's David Hood. "A coordinated approach to expanding interaction while ensuring security is a prudent way to get involved with the IoT and the main benefits it represents."

Supply Chain Security Risk: BYOD

BYOD in the supply chain can cause major security issues given the role the supply chain plays in a variety of industries from retail to auto manufacturing, says Dempsey. He recommends that organizations take a layered approach to mobile device security as part of their supply chain security strategy that includes the following steps:

Hardware level (Enterprise-grade chips)
Software-level encryption
Compatibility with major multi-factor authentication programs
Secure VPN technology
Work with enterprise-grade mobile hardware providers that have experience in secured mobile device deployment in the supply chain