Increased competition, changing regulatory requirements, ever-shifting customer expectations and the threat of theft, terror and natural disaster are all forces driving increased supply chain activity. Your enterprise is part of a broader supply chain that is constantly being tested for weaknesses.
We have seen the negative side of long and dynamic supply chains again and again. In June 2005, Card Systems Solutions was hacked and 40 million customers’ personal credit information was exposed despite best practices and security requirements demanded by their customers: Visa, MasterCard, AmEx and Discover. That made Citifinancial’s loss of 4 million customer accounts during the prior month in May 2005 pale in comparison.
Fast forward and despite millions of dollars invested, neither asset nor data protection has improved much. This June, Ohio revealed that the names and Social Security numbers of all 64,000 plus state employees were on a stolen computer. And while the immediate damage cannot be estimated, it is clear that these thefts do come back around and bite organizations.
The well-publicized 45.7 million-customer information hack at TJX bit hard until a well-organized money-laundering scheme was recently broken up in Florida. The TJX information was used to create credit cards, which were turned into Wal-Mart gift cards.
Gift of GreedThis one operation is estimated to have purchased over $1 million in goods. And while those committing the crimes were caught, those behind the sophisticated credit card scheme are still at large. This was only one group using the stolen TJX customer information. Certainly others are at-large. By the way, how is Wal-Mart doing with physical asset protection? Annual losses are $3 billion. That is $3,000,000,000.
And it is not just for profit businesses that are at risk. Colleges, public school districts and student record sites, hospitals and the government are in supply chains that improve performance but create risks.
Open vs. SecureIn an age of relentless outsourcing and globalization, how is a security executive to manage the accelerating pace of change? Within any organization the supply chain not only crosses all departments but incorporates a broad array of external partners from suppliers’ suppliers to customers’ customers. What role should security play? How do you interact with numerous departments from purchasing to sales, your logistics suppliers and finance factors or from IT to finance?
To begin, the goal of any supply chain is to improve organizational performance. Crippling events to damaged reputation or brand, negatively impacted stakeholders or bottom line losses including physical theft, data loss, terrorism or risks created by insecure supply chain partners reduce rather than improve performance.
Leading business software company, Infor, identifies three aspects to the supply chain:
- The Internal Dimension- the supply chain you control
- The External Dimension- the supply chain you don’t control
- The Customer Dimension- you have influence, but not total control