Procurement – an important line of defence against cyberattacks?

by | November 19, 2018

Initially, the internet was developed as a global network connecting people with similar interests and passions miles apart from each other. The concept of the internet was that it was a safe place, where everyone was free to be themselves and express their ideas and opinions. At that time, it was designed as a place to escape from the rules and regulations of reality.

Today it is much more: it is part of our personal lives and work lives, making them easier and more complicated at the same time.

It is now easier for companies to run their business, connect with customers and suppliers from all over the world and be active on a global market. But being active on a global interconnected market can have its dangers. Most recently, espionage, attacks and wars have happened online. Companies now need to be more and more aware of a new type of safety measure called cybersecurity.

Cyberattacks have become a common theme. It doesn’t take much to carry one out, but it can have devastating effects on reputations, making it very difficult for businesses to recover afterwards. It has recently been reported that the total industry loss from the Petya / NotPetya cyberattack has now passed $3 billion, which goes to show that cyberattacks are a real modern problem. Moreover, the Cyber Security Breaches Survey 2018 shows that over four in ten businesses (43%) experienced a cybersecurity breach or attack in the last 12 months.

So, what should companies watch out for?

Risk factors

Business organisations need the internet in order to run their business. It is almost impossible nowadays to run a successful business without making use of the internet (whether we’re talking about cloud applications, online platforms that help you interact with clients, etc.). As we mentioned above, using the internet to run your business comes with risks.

Procurement is one department of your business that is quite prone to cyberattacks, as it expands its supply base complexity and adopts interconnected software systems, thus making it easy for cyber attackers to infiltrate other departments as well.

Globalisation and working with a large base of suppliers from all over the world are opening businesses to a wider group of threats within the supply chain. These activities can leave the company open to foreign entities that might try to exploit weaknesses in IT infrastructure, gaining access to consumer data and intellectual property in the process.

Not taking into account potential risks and not having implemented the appropriate safety measures (from technical solutions to compliance and safety policies) can make your organisation an easy target for cyberattacks.

A lot of the time, companies are not aware of the consequences a cyberattack can bring. Here are some areas that could be affected during a cyberattack.

  • Data deletion (from customer data to employee and supplier data) which in addition can leave your business partners more vulnerable to cyberattacks
  • Exposing company information, such as intellectual property
  • Material losses (from logistical errors to hacking into financial accounts)
  • Losing clients – if word is out that your company has been the victim of a cyberattack you could very well expect to lose clients. Many clients request the signing of an NDA with their suppliers, and a cyberattack can, involuntarily, make you breach that NDA

Improving cybersecurity

Now that we are aware of the threats that cyberattacks carry and we understand the risks that companies are exposed to, let’s see how we can reduce risk and protect our organisation.

  • Strengthening relationship with IT

A good relationship between IT and Procurement, with objectives aligned between the two, is essential for handling cyberattacks. When working with software vendors and deciding to implement a new software solution, it is especially essential for IT to be involved in the selection process.

In addition to this, procurement should collaborate with the IT department to regularly monitor systems and internal policies, ensuring a good security fence for the company.

  • Supplier management

Your supplier base and the way you choose your suppliers can weigh heavily on cybersecurity, making supplier relationship management software a critical capability for procurement departments.

In addition to this, when assessing their suppliers, organisations should always consider the cybersecurity preparedness and security parameters followed by suppliers, as the suppliers’ lack of security could affect their own.

Thirdly, organisations should have in place a strong set of standards for their suppliers.

  • Implement cybersecurity software solutions

There are certain security software solutions that companies can implement to help ensure security measures are up to date, prevent unauthorised access to data and monitor the status of security procedures.

Once you’ve implemented this kind of software, you need to make sure your IT systems and infrastructure are regularly updated, as outdated systems are what hackers often take advantage of.

  • Adopt a data security standard

Adopting a data security standard, such as ISO 27001, will not only make your customers more trustful of your company but will also make sure you implement the necessary security measures that will get you that ISO certificate.

  • Develop a recovery plan

Last but not least, although you might have taken all the necessary precautions to prevent cyberattacks, your company might still be a victim (however, the risk is significantly reduced). This is why organisations need to have a recovery plan in place. A recovery plan should contain some potential cyberattack scenarios and a set of procedures to ensure work continuity in these cases, and explain what the tasks of each member of the organisation will be.

Is your company prepared in case of a cyberattack threat? It’s OK if you don’t have all the security measures in place. Many companies still don’t. The first step is being aware of the potential risks. After that, adopting security measures can be done over time, as it is a continuous effort meant to ensure the cybersecurity of your organisation and that of your business partners. Have a chat with our procurement experts and see where your procurement organisation stands with regard to cybersecurity.