While all areas of risk management involve blind spots, supply chain risk management might be the murkiest. To be effective in this field, risk professionals must account for risks from a wide variety of sources, from bad password management to geopolitical upheaval. Supply chain risks can be difficult to detect, unpredictable, and fast-moving.
Thankfully, technology companies have made the process of managing risk in the supply chain easier. These companies put big data, machine learning, and artificial intelligence to work to increase visibility for risk professionals, giving them the ability to more effectively monitor, prepare for, and mitigate risks within their supply chain.
Depending on the nature of their supply chains, professionals should consider adding at least a few of these supply chain risk management solutions to their toolbox.
Please note that while we will be discussing a few different software products in this post, BitSight does not necessarily endorse the use of these specific solutions.
One of the most important components of any supply chain risk management program is an up-to-date map of supplier relationships. The more detail this map includes, the more insights risk professionals can draw from it to help monitor and mitigate supply chain risk.
For most companies, mapping tier 1 suppliers is relatively easy. However, true visibility requires knowing who supplies the suppliers. These maps can get very complex very quickly, and relying on humans alone to create and maintain them can lead to missed connections.
Technology companies have stepped in to solve this problem. Solutions from IBM and Achilles both promise to leverage artificial intelligence to help businesses map their global supply chains and produce automated insights about potential risks.
That’s all well and good for physical supply chains, but what about digital ones? After all, risks to technology vendors like cloud services providers and operations software companies can be just as costly as risks to physical suppliers.
BitSight Discover is a tool designed to help businesses map their digital supply chains using externally available data. This tool can be used to identify fourth- and fifth-tier connections and single points of failure that could introduce additional risk.
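To make the idea of tiers and single points of failure concrete, here is an added example (not BitSight's, IBM's, or Achilles' code, and not how any of those products work internally). It assumes you already hold a dependency map; every vendor name below is constructed for illustration.

```python
from collections import deque

# Constructed sample map: each key relies directly on the listed providers.
DEPENDS_ON = {
    "our-company": ["payments-saas", "crm-saas", "hr-saas"],
    "payments-saas": ["cloud-a"],
    "crm-saas": ["cloud-a", "cdn-y"],
    "hr-saas": ["cloud-b"],
    "cloud-a": ["dns-x"],
    "cloud-b": ["dns-x"],
    "cdn-y": ["dns-x"],
    "dns-x": ["registrar-z"],
}

def tiers(graph, root):
    """Breadth-first walk: tier = fewest hops from root (tier 1 = direct supplier)."""
    tier, queue = {root: 0}, deque([root])
    while queue:
        node = queue.popleft()
        for dep in graph.get(node, []):
            if dep not in tier:          # also protects against cycles
                tier[dep] = tier[node] + 1
                queue.append(dep)
    del tier[root]
    return tier

def reachable(graph, start):
    """Every provider that start relies on, directly or transitively."""
    seen, stack = set(), [start]
    while stack:
        for dep in graph.get(stack.pop(), []):
            if dep not in seen:
                seen.add(dep)
                stack.append(dep)
    return seen

def single_points_of_failure(graph, root, threshold=1.0):
    """Providers below tier 1 that at least `threshold` of tier-1 suppliers rely on."""
    tier1 = graph.get(root, [])
    if not tier1:
        return {}
    counts = {}
    for vendor in tier1:
        for dep in reachable(graph, vendor):
            counts[dep] = counts.get(dep, 0) + 1
    return {d: n for d, n in counts.items()
            if d not in tier1 and n / len(tier1) >= threshold}

if __name__ == "__main__":
    print(tiers(DEPENDS_ON, "our-company"))
    print(single_points_of_failure(DEPENDS_ON, "our-company"))
```

In this sample, none of the three direct suppliers names dns-x or registrar-z in its own tier-1 list, yet an outage at either one reaches all three.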
Environmental Risk Solutions
Artificial intelligence and big data are now being employed to help businesses predict and respond to weather events faster than ever before. These solutions use a combination of forecasting data, real-time updates on infrastructure status, historical data, and compliance factors to deliver risk insights that would not have been possible in the past.
One of these environmental supply chain risk management solutions is Riskpulse, which gives businesses the ability to track the environmental risks affecting shipments. These risks are quantified on a scale from 1-25 and continuously updated, giving risk professionals the power to predict in real time whether shipments along their supply chain will be delayed by bad weather.
Code Verification Solutions
Within a digital supply chain, one of the greatest risks is a vulnerability introduced by third-party code that has been integrated into a proprietary system. This is exactly the kind of threat that caused a major data breach at Ticketmaster earlier this year.
Therefore, solutions like IBM AppScan and CA Veracode are an integral part of the supply chain risk management toolbox. All third-party code should be scanned for integrity before it’s allowed anywhere near internal systems or data.
Geopolitical Risk Solutions
With so many businesses relying on suppliers and providers on the other side of the world, it can be easy to overlook geopolitical risks to the supply chain.
However, risk professionals in the West can’t be expected to become experts in the complex political realities of China, India, or anywhere else for that matter. So, how can you know whether your critical partners overseas are at risk?
Believe it or not, technology helps in this arena as well. Tech companies like Geoquant aggregate data from social media, news outlets, and other sources, then analyze it using natural language processing and machine learning algorithms to provide near real-time indicators of political risk.
Vendor Risk Management Solutions
Whether we’re talking about physical or digital supply chains, cyber risk is a major consideration. So-called “celebrity” cybersecurity events like Heartbleed, Petya, and WannaCry can take down huge swaths of a business’s supply chain in less than a day, and these are just the threats that make the news. Every business is subject to cyber threats, and those that are unprepared to defend against them risk operational disruption, regulatory violations, and data breaches.
BitSight Security Ratings indicate the overall cybersecurity posture of a given organization based on externally observable data. This data includes metrics related to compromised systems, user behavior, and diligence. BitSight Security Ratings are updated daily and can be used to quickly ascertain the cyber risk preparedness of an entire supply chain.
Armed with visibility into the cyber risk exposure of their suppliers, risk professionals can take the necessary steps to mitigate potential issues before they get out of hand.
Not every organization needs to use all of these solutions; however, some amount of continuous monitoring and advanced analytics is necessary to improve visibility into supply chain risk and prepare for the next big problem (no matter where it comes from).