The world is changing fast. We all know that and feel it every day. Technology, computers and the internet control almost everything we do today.
To get a feel of the degree in which computers have taken over and how our lives are impacted by the internet, read The President is Missing by Bill Clinton and James Patterson. The main theme of the book deals with hackers who have developed a plan to shut down the internet, worldwide. The disastrous effects of that happening are described in detail in the book. It’s frightening and beyond belief. The world economy basically stops.
Who could have imagined, 30 years ago, that computers would become the support system of virtually everything we do? A good example of this can be found in the realm of supply-chain security. If you look up the term today, 90 percent of what you will find will talk about the “information” supply chain, its vulnerabilities and how to protect it. Supply-chain security best practices are now a highly technical subject in a highly technical world.
For most loss prevention professionals, however, supply-chain security still centers on cargo, trucks, warehouses and transportation. The 2018 Semi-Annual Global Cargo Theft Intelligence Report was recently published by BSI Supply Chain Services and Solutions in conjunction with international transport and logistics insurer TT Club. The report warns of a rising trend of crime related to cargo theft.
Several key findings were:
- The food and beverage sector suffer the highest rates of cargo crime (27% of all incidents).
- Consumer products and high-tech continue to be prime targets.
- Trucking is the most targeted transportation mode, representing 75 percent of all cargo theft incidents.
- Warehousing is the second most vulnerable target.
- India and China are hotbeds of cargo theft in Asia.
- Corruption is a primary contributor to cargo theft incidences in the Middle East and Africa. Hijacking is also common.
- Lack of secure parking in Europe motivates truck-related cargo thefts.
- Unattended trucks are the primary targets in the United States and Canada.
- Violent hijackings are prevalent in Mexico and Central America.
- Cargo theft hijackings happen more in South America than anywhere else in the world
So, what to do? A lot of supply-chain security best practices have to do with good, old-fashioned physical security methods that most loss profession professionals are familiar with; locks, fences, truck tracking, background checks, modern seal methods, etc. But the whole subject of computer and IT-type supply-chain threats is becoming a major focus. Supply-chain security best practices in this arena are being developed daily. From a recent Microsoft webinar on supply-chain risk:
1. Vet suppliers, service providers and products. One of the most important elements in supply-chain security is vetting on three separate levels. First, companies should make sure suppliers vet their own personnel, especially for positions where employees have access to data, systems and facilities of their customers.
Second, organizations need to vet any service provider—from janitors to HVAC personnel—that might require access to company information. Third, enterprises must vet all products they intend to integrate into their IT environment. There are third-party companies that specialize in the vetting process.
2. Use security controls and contractual penalties. Vetting is only the first step when it comes to supply-chain security. After completing the vetting process, organizations should trust but verify via the use of regular security audits. Enterprises can couple these reviews with key security controls, such as segregation of roles and privileged assess, as well as contractual penalties for suppliers or service providers that fail to meet the requirements specified in their vendor agreements.
3. Diversify your company’s providers. Just as every organization adheres to a different business model, every company maintains different supply-chain security best practices and standards. Such variability works in the interest of an organization’s efforts to secure its supply chain. Companies should never have single points of failure (i.e., just one supplier) along their supply chain. Businesses should diversify their providers, but only to a certain extent. Too much complexity can compromise effective supply chain security.
4. Partner with industry and government. Organizations can take their supply-chain security to the next level by partnering with industry and governments. They can leverage these partnerships in several ways. One is helping fuel the call for industry to share digital threat intelligence. Another is working with government entities to create a set of standards that apply to securing the digital supply chain.
Supply-chain security has truly become multi-faceted. Physical protection methods are still very much needed, given the recent worldwide statistics on hijackings, robberies and physical cargo thefts. Then there is the protection of data and the information highway related to supply chain and its growing importance. Both are critical for any retail organization.