Cyber Security: Is Your Supply Chain Putting Your Business at Risk?
Many Irish organisations overlook cyber security threats from the supply chain. Partners, customers and suppliers can pose a serious risk to your business – you’re only as strong as the weakest link in the chain.
Pat Larkin, CEO, Ward Solutions
  Organisations need to be connected to their supply chains in order to be responsive, competitive and profitable. This means high levels of integration
at all levels – both commercially and through automat- ed end-to-end business processes between customers, suppliers and sub-suppliers. Unfortunately, it also poses cyber security risks.
Evolution of cloud and increased cyber security threats
While acting as a business enabler and accelerator, cloud computing has also introduced a new set of supply chain links, posing additional cyber security threats and risks to organisations.
A recent survey from Marsh Insurance showed that 70% of large and medium-sized enterprises in the UK don’t assess their suppliers and customers for cyber security risk. Our experience in the Irish and Northern Irish markets reinforces this finding.
Many recent high profile international and local cyber security disasters, including information breaches, service outages etc., reportedly originated through the supply chain.
The widely publicised breach of retail giant Target last year was reportedly caused by a HVAC supplier, which was used to inject malware via phishing emails to Target
customers. This resulted in the theft of more than 70 million personal customer records and 40 million credit and debit card details.
Damage of cyber security threats: more than money lost
High profile breaches have huge financial repercussions for businesses affected. In Target’s case, it was reported that quarterly profits dropped by almost 50%. The cost to banks and credit unions of reissuing more than 20 million debit or credit cards, meanwhile, was almost €200 million.
It doesn’t end there. Cyber breaches can quickly become viral news stories, and the reputational damage can be irreparable. Customers find it hard to trust a business they feel has broken their trust – no matter where the breach originates. The buck stops with you, plain and simple.
Ireland case study: Loyaltybuild
These breaches are not confined to international organisations. The 2013 Loyaltybuild breach, which was investigated by the Irish Data Protection Commissioner (DPC), highlights the impact that a breach in the supply chain can have on major brands in the Irish market.
“Loyaltybuild Ltd. failed to implement adequate security measures to protect the data it held on its
 86 The CharTered InsTITuTe of LogIsTICs & TransporT
 CYBER SECURITY