Procurement leaders are living with the new-found reality that cyber threats are permeating across their entire supply chain. Procurement jobs have become incredibly complex with the need to expand outsourcing due to facing worker shortages in a slow economy while managing business, safety, sustainability, and cyber risks with the vendors they manage.
IBM’s Cost of a Data Breach Report 2020 stated that two-thirds of supply chain data breaches are due to supplier vulnerabilities, and Supply Management reports that supply chain cyber-attacks have quadrupled since 2020.
Procurement leaders are quickly partnering with their IT and Infosec departments to fortify their procurement castle, targeting software and IT vendors, and ensuring all new vendors go through a rigorous cybersecurity review and assessment , as well as starting to verify whether vendors have cyber insurance in place with adequate coverage.
But where are you still vulnerable?
What Procurement leaders can learn from medieval castle defense
In medieval times, armies that wanted to attack a castle looked for a weak point. They knew attacking fortified walls, towers, and battlements would be ineffective. Today, cyber attackers still target a company’s direct operations, and their direct IT/software suppliers – but their likelihood of success has decreased due to today’s cybersecurity programs.
More sophisticated armies targeted the weakest, and most unlikely, parts of a castle. One part was the drawbridge. When not under siege, the drawbridge would be left down to allow convenient access to villagers.
Who used these entrances the most? Villagers and workers who provided basic services to the castle - like plumbing, irrigation, food services, deliveries, landscaping, and construction.
In today’s terms, these would be HVAC technicians, industrial service providers, construction companies, electricians, transportation and logistics providers, and plumbers. Avetta has the world’s largest network of these supplier and contractor types.
A new cyber threat
Avetta manages risk for onsite industrial, construction, transportation services, facilities and property maintenance, material and manufacturing, and professional, technical, engineering, and real estate vendors, contractors, and suppliers.
Our clients have seen increasing cyber attacks on these non-IT vendors. Why? Because many of these non-IT companies don’t have the robust cyber security programs that an IT/Software vendor has, and the compliance programs that they do have are not as sophisticated in detecting cyber threats as they could be. However, these vendors routinely interact with a company’s e-mail, website portal, procurement, and payment systems. For example, one of the largest data breaches with a retailer happened to Target several years ago. Target had credit card and personal data stolen from 110 million of their customers. The hackers gained access to the Target network using login credentials stolen from a company that provides HVAC services.
The fact is that most of these supplier types have flaws that can be easily exploited by hackers. At Avetta, we have seen increasing attacks on these vendor types, in addition to hackers trying to impersonate this type of supplier and try to sign up to an organization’s supplier or vendor portal.
This is exactly why we just launched our new Avetta Cyber Risk Solution…
Avetta Cyber Risk
Now, when an organization onboards or sources an Avetta supplier or contractor they will be able to verify them for safety compliance, ESG and sustainability programs, and now for cyber security vulnerabilities. Think of it like scanning your email or website downloads for cyber threats – Avetta does this for supply chain vendors.
The Avetta One Cyber Risk solution scans every vendor, large or small, frequent, or infrequent. Most solutions cannot reach this network of third-party providers across the entire supply chain of a large organization.
For every contractor or supplier, regardless of size, Avetta has released
- Cyber scores by each supplier on their Application Security, DNS Health, Endpoint Security, hacker chatter monitoring, IP reputation, information leaks, network security, and social engineering risks.
- Easy to understand cyber scores on every supplier, from A to F ratings broken out by cyber risk category. Contractors with an F rating have a 7.7x higher likelihood of experiencing a data breach compared to A-rated vendors.
- Detailed gap analysis, scores, and actions the supplier can take to improve their cybersecurity.
Procurement leaders can run an ongoing report and dashboard on the cyber health of their supply chain contractors and can view the distribution of rated vendors across their supply chain.
An organization can then identify the lower rated suppliers, their weakest links, and provide them with custom reports, corrective actions, and targeted training so that a vendor can update their own cyber practices to ensure their business is protected from cyber-attacks.
The best news is that Avetta Cyber Risk is part of the Avetta One offering at no additional charge or fee. Avetta procurement clients and suppliers can simply enable Avetta Cyber Risk at no additional fee, and start bolstering their defenses, drawbridges, and posterns further strengthening their procurement castles.
