Supply chain disruptions have made international headlines since the COVID-19 pandemic began, but enterprise security leaders have been working behind the scenes for decades to secure their supply chains from threats.
In today’s economic and historical environment, current events such as bottlenecking at ports and staffing shortages have widespread effects on business continuity and supply chain operations, according to the Everstream 2022 Annual Supply Chain Risk Report. Additionally, the uptick in severe weather and increased climate risk have also affected global supply chains through issues related to water instability and sustainability regulations.
The Power of a Positive Security Culture
Threat actors have targeted global supply chains using tactics such as theft and fraud, according to the British Standards Institute (BSI) Supply Chain Risk Insights Report. Attacks including cargo theft and hijacking are some of the top external threats to watch for, says Brent Black, Assistant Director, Supply Chain Security at Hy-Vee, a grocery chain with locations across the Midwestern United States. Black says that fostering a security culture in the company’s driver cohort has been critical to preventing physical attacks on truck shipments. “If they see something that they think is out of place or would jeopardize their safety or the security of other drivers, they’ll come forward — either to leadership or directly to the security function,” Black says.
That positive security culture — and corporate culture in general — also helps mitigate insider threats to the supply chain. If insiders decide to intentionally disrupt a supply chain, their level of access and knowledge of company processes can make them a significant threat. However, combatting this with a fair working environment can help prevent insider threats before they escalate. “Providing employees with great benefits, compensating them well, and treating them like family” are some ways enterprise organizations can mitigate security risks by building trust between employees as well as the leadership level at organizations, says Black.
Aside from employee compensation, both business leadership and Human Resources (HR) play an important role in mitigating supply chain security disruptions. Scott Martino, Senior Director, Global Supply Chain Security & Intelligence at Sensitech, says that HR practices such as background checks and rigorous hiring processes can help reduce insider risk. Martino, who leads a team of supply chain security professionals to analyze global risk, conduct investigations and assess supply chain security practices, says that HR practices are one piece of the supply chain security puzzle. “Having a security program in place that will make someone think twice about targeting your shipments or facilities and move on” is a critical goal for supply chain security professionals, he says.
Ongoing Supply Chain Risk Assessments
Continually assessing enterprise security posture is key to achieving that goal, Martino says. “Make sure that you have someone who’s going out and evaluating your security programs, looking at your facilities, and making sure that all of those different layers that you set up are actually being used,” Martino says. These security checks can extend to suppliers as well to reduce third-party risk in an enterprise’s interconnected supply chain, Martino continues.
Black conducts regular physical penetration tests at Hy-Vee facilities to make sure the firm’s security strategy stays up to date with current threats. By posing as an unknown individual attempting to gain access to a facility, security leaders are able to simulate an incident and test the organization’s security plan. Testing not only an organization’s perimeter security, but also its internal access control and employee security awareness can help a security team assess the maturity of a layered strategy.
Physical Security Technology and Access Control
A security plan that includes layers of technology and people can help harden an organization against supply chain disruptions, according to Martino. With a positive security culture, employees aid in loss prevention and incident mitigation, but — considering the effects that staff shortages have had on global supply chains — employees can only do so much without the help of security technology.
Video surveillance around entrance and egress points in a facility; electronic shipment location monitoring; and global threat intelligence programs all play a role in global supply chain security, says Martino. “Having some type of technology in place and being proactive on gathering intelligence and knowing the criminal landscape is also very important,” he adds.
In addition to surveillance on a building’s perimeter, security cameras on delivery trucks can help mitigate supply chain disruptions, says Black. If criminal activity such as cargo theft were to occur, “cameras can help out with the video evidence in prosecuting or investigating the person or group behind the crime,” he says. Visible security cameras could also serve as a deterrent to would-be attackers, preventing an incident before it occurs.
Taking a proactive approach to supply chain security by leveraging technology, employee security awareness, and performing ongoing tests of enterprise security posture can help security professionals stay ahead of supply chain disruptions. “Don’t wait until an incident happens,” Martino says. “Security leaders need to be prepared to respond swiftly by acting on pre-established contingency plans and be able to assess the situation, anticipate what the impacts might be, and adopt the right protocols to resolve the supply chain disruption.”