The Supply Chain Matters blog continues a series of blogs that provide added detail and perspective for each of our ten 2020 Predictions for Industry and Global Supply Chains which we unveiled on December 17.
In our Part One posting in this predictions series, we explored for our readers 2020 Prediction One, what industry and global supply chain teams should anticipate in terms of global and regional economic outlooks.
In Part Two of this predictions series, we explored the detail of 2020 Prediction Two, what we expect to occur in global supply management challenges and trends.
In Part Three of this series we detailed what to expect in the area of supply chain talent management, retention and skills development.
In this Part Four blog, we highlight what to expect in the area of supply chain management related cybersecurity and information security threats in the coming year.
Background and Introduction
On an annual basis, and since our inception in 2008, The Ferrari Consulting and Research Group and our associated Supply Chain Matters blog publishes a series of supply chain management focused annual predictions which are both described, monitored and scored for actual occurrence at the conclusion of the year.
Such predictions are provided to clients, technology providers and blog readers in the spirit of advising senior and line-of-business executives, multi-industry cross-functional supply chain management and supporting information technology teams a sensing of what to expect in the coming year, Our goal is to depict how likely global, regional, economic, business and industry trends will impact and likely influence required supply chain management actions in the coming year.
The context of these predictions include a broad cross-functional umbrella of what is today considered supply chain management, and includes areas of leadership and strategy, product management, strategic sourcing and procurement, supply chain planning and customer fulfillment, manufacturing, logistics, transportation and customer service management.
Now to our specific prediction:
2020 Prediction Four: Proactive Cyberattack Defenses and Information Security Safeguarding Across Supplier, Contractor, and Customer Demand Networks Remain a Mandatory Requirement.
Prediction Summary
We were once again compelled to add the ongoing threat of cyberattacks and the safeguarding of sensitive information to our annual predictions report. Proactive cyberattack defenses and information safeguarding across supplier, contractor and customer demand networks remain a mandatory requirement in the coming year.
We further predict that with the increased adoption of Cloud and B2B technology among various supply chain management technology landscapes, such cyber and information security defenses will invariably include any technology provider network platforms as well. Third party platforms will need to include provisions in services contracts for active security measures and safeguarding along with designated security audits to be reported to hosted companies.
We continue to predict that cyber-risk and information security safeguarding will consume 2020 management attention at all levels. Since supply, manufacturing, services and demand networks each have multiple points of vulnerability, they will likely remain the weakest links in cyber-risk management. As we have noted in published blog posts and updates, the likelihood of additional incidents of supply chain targeted cyber-attacks impacting businesses and industry remains high as are the business implications of compromised sensitive data.
Small and medium businesses are especially vulnerable in this area, having to mostly rely on smaller in-house IT support teams with limited bandwidth to address the increased sophistication of hackers, and with having for the most part, reliance on specialized IT contractors for either defenses, or actual mitigation of incidents. This remains a vulnerability point among networks without supplemental security focused technologies.
We further predict that in 2020, consideration must be given to retiring some rather old legacy systems and software applications that are identified as likely information security risks.
Advanced Technology Factors
New technology factors for consideration on the cyber-security landscape in 2020 will be the continued leveraged use of artificial intelligence (AI) and machine learning (ML) technology on both sides of the threat spectrum.
Sophisticated, often state-sponsored hackers will increasingly leverage AI/ML to exploit vulnerabilities and weak security links among targeted businesses. That will make the threat of and scope of attacks even more prevalent.
At the same time, individual companies and their supply chain management focused IT groups, as well as Cloud based technology providers themselves, are increasingly able to leverage similar use of AI/ML technology in areas of cyber and information security to automate defense mechanisms and quickly identify and respond to threats before they become far more damaging. Enterprise technology and data management provider Oracle continues to have a dedicated emphasis in leveraging advanced ML in these specific defense areas for both overall data management and applications security. Similarly, a host of emerging and specialty AI/ML technology providers are similarly focusing on targeted areas of cyber and information security defense and response.
Prediction Background and Added Data
For years 2018 and 2019, we predicted that cyber-related risk and information security safeguarding would consume business, IT and industry supply chain teams, not so much by choice, but from compelling needs dictated by stockholders, boards and C-Suite executives.
In 2018, The World Economic Forum disclosed results of a survey among over 12,000 executives around the world regarding what they believed were their biggest risks in doing business. Cyber-attacks and data fraud were identified as two of the top five global risks in terms of likelihood. Yet other surveys indicated that some senior executives were yet to acknowledge cybersecurity as a strategic priority. Survey data related to this topic often does not reflect a true reality since top-level executives are reluctant to discuss this topic for obvious reasons.
Hackers and state sponsored cyber thieves have moved toward a new fifth generation of attacks that is now surpassing the defensive capabilities of individual businesses. Cyber and national security experts continue to reinforce that cyber threat incidents are going to get worse before they get better because of the added sophistication of cyber predators. Chief information security officers are similarly concerned about the ongoing next generation threat sophistication.
One brute reality that continues to be evident is that many supply chain management and IT teams have had little or no visibility into suppliers among multiple tiers of supply networks, including various system interfaces. An April 2019 report from Cybersecurity News indicated that 50 percent of attacks that target supply chains seek lateral movement or “island hopping” where hackers target not just the primary organization but those connected along the various tiers of the supply chain.
This will continue to be a vulnerability without active defenses and countermeasures on the part of supply and customer demand networks large and small.
We once again encourage clients and readers to take the time to review what to anticipate in the coming year and how your organization can be best prepared.
As we continue our highlighting of each of our predictions in added detail, please continue to provide your individual feedback along with what specific area that most concerns you in the coming year.
Bob Ferrari
© Copyright 2019, The Ferrari Consulting and Research Group and the Supply Chain Matters® blog. All rights reserved.
