Could cyber risk ever get under control?
Business response to the cyber security threat
As business processes are increasingly digitised, cyber threats pose significant risks to business operations, especially when dealing with third parties and suppliers.
The recent cyber attacks remind us of our digital dependency and of the vulnerability driven by the proliferation of technology.
We’ve interviewed three leading industry practitioners working in cyber security from Huawei Technologies, Nokia and Geodis to see how they manage cyber risks in dealing with third parties and suppliers.
The biggest disruptor
Huawei Technologies’ Cyber Security Officer & Advisor to the CEO Jaap Meijer claims that the biggest disruptor is “the risk of breaking the integrity of the whole cyber security chain”. “Supply chain management is just one part of this but other parts, like R&D, logistics, partner management, implementation, manufacturing are equally important in order to manage the confidentiality, integrity, availability, traceability and authenticity of the products and services” – he argues.
Speaking about supply chains specifically, Meijer mentions a number of main threats that can lead to products being tainted or counterfeited. He names malware, unauthorised parts, unauthorised configurations, intentional damage, and the use of substandard parts or unauthorised production.
When looking into what drives cyber risks, GEODIS Freight Forwarding’s Head of Global Supply Chain Security, Tom Brabers, names “the availability of data that enables online platforms to offer services” as the main driver. “As the supply chains are getting more and more complex, the data is getting more important.” – he expands.
Echoing Brabers’ point, Nokia’s Supply Chain Information Security Program Lead Santtu Erkkilä says that a growing number of suppliers makes it incredibly hard to know “where your valuable data is and whether it is sufficiently protected”. The other risk is associated with the speedy use of process automation and digitalisation where “information security risks are not assessed and controls do not exist”.
As a fast-moving space, cyber security requires continuous monitoring and improvement and constant review of the end-to-end chain, as new products, services, processes and legislation are released and altered every day, says Huawei Technologies’ Meijer.
Among the major cyber security risks when working with third parties, interviewees named the loss of intellectual property, the loss of availability of digitalised and automated supply chain processes due to cyber threats, and, most importantly, the loss of customers’ and key stakeholders’ trust.
How to manage cyber risks
While a board-led security and privacy committee is leading these efforts at Huawei Technologies, all employers must “own” cyber security responsibility, claims Meijer. “The responsibilities are developed, distributed, integrated into the processes (all the way down to the suppliers and partners). This governance framework is in turn distributed and customised into all operating countries to ensure full alignment with local ways of working and applicable legislation.” – explains Meijer.
Interestingly, Meijer admits that perfect security can’t be maintained, but managing risk in a way consistent with the organisation’s risk posture and business objectives is what needs to be done in the future. “We have to assume that our security will be breached and we have to make sure that we are ready to respond, recover, provide maximum resilience and have backups in place where needed to secure continued business operation” – he explains.
While GEODIS’ Brabers is confident that the company will continue embracing digital opportunities while managing the risks associated with them, Nokia’s Erkkilä believes that Industry 4.0 will drive a big change to supply chains.
After all, cyber security is everyone’s business. And as Meijer points out, we should “understand that everyone is, and has to be, accountable within the risk ecosystem to help the overall global requirements better align”.
Huawei Technologies’ Cyber Security Officer & Advisor, Jaap Meijer, alongside Nokia’s Supply Chain Information Security Program Lead, Santtu Erkkilä, and GEODIS Freight Forwarding’s Head of Global Supply Chain Security, Tom Brabers, will share further insights on the topic at the Third Party & Supply Chain Summit 2017 on 29-30 June in Amsterdam.
Other speakers include the Head of Global Security, Philips Lighting; the Chief Information Security Officer, Iberdrola; the Chief Information Security Officer, MENAT, GE; the Global Head of Cyber Risk, Aspen Insurance Group; and more.
Photo credit: Flickr/ SiteLock