Prediction Four of the Ferrari Consulting and Research Group’s 2020 Predictions for Industry and Global Supply Chains declares: Proactive Cyberattack Defenses and Information Security Safeguarding Across Supplier, Contractor, and Customer Demand Networks Remain a Mandatory Requirement.

Our prediction implies that since supply, manufacturing, services and demand networks each have multiple points of vulnerability, they will likely remain the weakest links in cyber-risk management. As we have noted in published blog posts and updates, the likelihood of additional supply chain-targeted cyber-attacks impacting businesses and industry remains high, as do the business implications of compromised sensitive data. It therefore behooves supply chain management leaders to prioritize this area for active mitigation as well as response actions.

 

TalaTek Announcement

One highlight of this week’s advanced technology news, pertinent to mitigating cyber and information risk, comes from TalaTek, a provider of governance, risk and compliance (GRC) software technology. The technology provider announced the availability of what it terms the TalaTek Intelligent Governance and Risk Integrated Solution (TiGRIS), reportedly designed to automate and simplify the GRC process for both businesses and government.

The technology was designed to provide a single system with a unified dashboard for visibility and control across an organization, in order to help management make better-informed decisions about cyber security.

According to the announcement, TiGRIS meets the U.S. government’s FedRAMP security, authorization and continuous monitoring requirements set forth for cloud service providers. That would include standards for encryption of data at rest and in transit, along with secure account access using multi-factor authentication. This ensures appropriate levels of data privacy and predetermined security standards are met.

That is an important distinction for businesses and supply chain management teams providing products and services to the federal government or involved in industries deemed sensitive to national security. There are increasing concerns related to cyber threats from state-related actors or sophisticated hackers looking to do harm or gain financial benefit.

This week, this Editor had the opportunity to speak with TalaTek executives Baan Alsinawi, Founder and President, and Johann Detweiller, Director of Operations. Our conversation focused on cyber and information risks associated with extended supply and customer networks so prevalent in today’s domestic and global networks.

Supply Chain Matters readers are likely aware from both our year 2020 predictions and our ongoing commentaries that the accountability for mitigating overall cyber and information risks invariably resides at C-Suite levels. The threat is so pervasive and the potential disruption to core business processes is such that it has reached Board-level attention. This is primarily because of the business-wide threat and, as Founder Alsinawi noted in our discussion, the need for a holistic and cohesive enterprise-wide security approach. In fact, TalaTek executives acknowledged that the primary target buyers are these C-Suite executives. That stated, it is recognized that areas of vulnerability often lead directly to any business’s respective supply chain systems and networks.

While decisions are being made each and every day regarding the sourcing of manufacturing, select services or other supply network needs, cyber threats and information security often need to be a defined component in such decisions. Today, other decisions need to be made relative to business-wide cyber risk governance and response. That is why it behooves senior supply chain or operations executives to proactively reach out to the C-Suite executive tasked with cyber and information security leadership, who is likely to be the IT Director, CIO or CFO.

The need is to add the voice and collaboration of supply chain groups to be able to make what is described as risk-informed decisions, weighted against the costs of an isolated or enterprise-wide data security breach.

As noted in this highlighted technology announcement, evolving GRC technology now includes system measures that proactively observe and identify threat areas, understand related actionable risk analysis and provide continuous monitoring of cyber threats up and down the supply chain. According to Alsinawi, it is an assessment of what matters most to the business and the degree of toleration related to cyber risks.

 

 

Bob Ferrari

© Copyright 2019, The Ferrari Consulting and Research Group and the Supply Chain Matters® blog. All rights reserved.