Lessons for procurement from the biggest ransomware attack in history

In May, a group of hackers called WannaCry hit a number of the world’s largest organisations with a ransomware attack that encrypted data and demanded payment to decrypt it.

Some of those organisations targeted included the UK’s National Health Service (NHS), as well as shipping giant FedEx. In total, more than 300,000 computers were hit in 150 different countries.

There are key lessons here that procurement should learn in order to protect itself and the business in the future.

Cost and chaos

The cyberattack has been dubbed the ‘biggest ransomware attack in history’ by cybersecurity experts. It caused chaos for the organisations it targeted. The NHS itself was forced to turn away patients.

While the cost to businesses infected has yet to be calculated, a 2017 study by cybersecurity firm CGI and Oxford Economics calculated that FTSE 100 firms are, on average, worse off by £120m after a cybersecurity breach.

Procurement handles a considerable amount of sensitive information. This can range from spend data to details of its suppliers, and it would be damaging if any of this was released into the public domain.

So, what can procurement learn from this latest cybersecurity threat?

Get the basics right

The WannaCry ransomware was able to embark on its destructive spree by exploiting a vulnerability in the Microsoft Windows operating system, which is one of the most widely used systems in the world.

The software giant had released an update to fix that vulnerability earlier in the year. Yet, as these organisations learnt, not everyone in their organisations had installed this update, leaving the door open for the attackers to squeeze through.

As a first step, the function needs to ensure the whole team has updated their systems.

Beyond that, it must look at its culture.

In the case of the NHS, back in 2002, the National Programme for IT in the NHS was rolled out to create an organisation-wide upgrade to its IT systems but, after spending around £13bn, it was scrapped and deemed largely ineffective.

The problem was that in an institution as large and far-reaching as the NHS, a blanket approach simply does not work.

Therefore, the key is to spend time training all stakeholders on the protections that exist, why they exist and the simple steps that can be taken to avoid being a victim of an attack.

As hackers become increasingly sophisticated in their methods, procurement needs to take matters into its own hands and mitigate the risk to the business by making sure all its processes are up to date and its data is secure.

This article is a piece of independent writing by a member of Procurement Leaders’ content team.

Posted by Rachel Sharp
