You invest a lot in security. You pay security professionals to keep your organization safe. You spend money on the cybersecurity technologies they recommend. You diligently educate your employees about best practices for safe computing. But what if one of your suppliers has a security breach? Worse yet, what if they get breached and don’t immediately realize it? Well, that could adversely affect your business in two problematic ways—both of which should motivate you to start thinking about how your portfolio of business risks includes the cybersecurity of your suppliers.
One way that the cybersecurity of your suppliers poses a business risk to you is contagion. Businesses increasingly interact through digital channels—passing files back and forth, granting each other access to their networks, etc. So if one of your suppliers gets hit with malware or some other kind of malicious code, that code could easily wind up in your environment too.
Similarly, hackers who infiltrate one of your suppliers’ networks may be able to use whatever access privileges you’ve given that supplier to jump past your perimeter defense into your network as well. This kind of contagion occurs over and over. In fact, one of the most widespread cyberdisasters in history—the NotPetya exploit that first infected shipping giant Maersk’s worldwide network—propagated itself globally in exactly this manner, paralyzing large corporations and SMBs alike as it spread like wildfire across digital business connections.
And the potential for such contagion will only increase as markets become increasingly digital. It’s inevitable. You’re going to do more business with more suppliers, contractors, partners, and customers via more digital channels like email, the web, the cloud, and supply-chain management systems. And that means greater exposure to the business risks associated with cybercontagion.
But contagion isn’t your only potential problem if one or more of your suppliers get hit with a cyberattack. The other problem is supply-chain disruption. After all, you depend on your suppliers every day. If you’re a manufacturer, you depend on them for parts and subassemblies. If you’re a retailer, you depend on them to keep your shelves stocked. If you’re in healthcare, you depend on them for medical supplies. And even if you’re a virtual retailer, you still depend on your web hosting provider and/or all the cloud-based applications you use to run your business.
If one of those suppliers falls victim to an attack, it could be more than just an inconvenience. You lose revenue because you can’t sell. You may permanently lose customers because you can’t meet their needs. Your brand reputation may suffer too—because no one cares that it wasn’t your fault that your supplier failed. They just know that you fumbled the ball.
So a successful cyberattack on a supplier is almost indistinguishable from a successful cyberattack on your own network. Both cost you money, customers, aggravation, and damage to your brand reputation.
You can’t protect yourself from supplier cybersecurity risk by doing less business digitally. Digital expansion is a core component of all business growth in the 21st century. Instead, consider the following three stratagems for risk mitigation:
Of course, there are a few other ways to mitigate your supplier-related security risks. Cyberinsurance is one. Supplier diversification is another. But insurance companies are going to require cybersecurity assessments anyway. And diversification only increases your risk if you add more suppliers without holding them to a higher security standard.
So don’t wait until one of your key suppliers suffers an attack. Start mitigating the risks that such an attack poses to your business today. To learn more about how I can help you mitigate your supplier-related business risks, reach out to me by filling out this contact form today.