Cybersecurity is not an issue that procurement chiefs can ignore. Organisations such as Deloitte, the UK’s National Health Service (NHS) and Danish shipping company Maersk have all been hit by cyberattacks in recent months – proving no business is safe.
While the attacks on these organisations make the headlines, research by the UK government highlights just how widespread the threat is. In 2016, two-thirds of the UK’s largest businesses experienced a cyberattack or systems breach.
Procurement chiefs have a central role in protecting the business from cyber threats but, to do so, they must carefully consider the following:
There are many different types of cybercriminals. Some are thrill-seekers out to defeat the systems put in place to protect a business. Others are simply determined to cause chaos. There are also those who want to benefit financially from an attack.
Stilianos Vidalis, a senior lecturer in cybersecurity at the UK’s University of Hertfordshire, categorises cybercriminals around three principles:
These hackers thrive on increasing their reputation within the hacker subculture and will leave their handles on websites they have defaced or leave some other evidence as proof that they were involved in a specific hack.
This could assume the form of corporate espionage, whereby companies acquire information on products or services that can be stolen or used as leverage.
Cybercriminals motivated by financial gain will hack systems with the specific aim of stealing credit card numbers or manipulating banking systems.
It is essential procurement chiefs understand the different cyber threats that businesses face.
Distributed denial of service
A distributed denial of service (DDoS) attack attempts to disrupt the availability of an online service by overwhelming it with traffic from multiple sources. Such attacks have been used to target a variety of widely used resources including online banking services and news websites. DDoS incidents pose a major challenge to ensuring important information can be published and accessed.
Malicious software, commonly known as malware, is a label used to describe program or file that is harmful to a computer user. Malware includes computer viruses, worms, Trojan horses and spyware. These malicious programs can be used to steal, encrypt or delete sensitive data, alter or hijack core computing functions and monitor users’ activity without their permission.
A type of social engineering attack often used to steal user data, including login credentials and credit card numbers. It occurs when an attacker, masquerading as a trusted entity, dupes a victim into opening an email, instant message or text message. Such attacks can have a devastating effect on an organisation, including significant financial losses, declining market share, reputational damage and broken consumer trust. Depending on the scale of an attack, a phishing attempt might escalate into a security incident from which a business will have difficulty recovering.
One of the simplest ways to protect the business is to ensure staff update computer, tablet and smartphone software. Procurement chiefs should ask their team to embrace a two-step password to gain access to their key accounts and encourage employees to regularly change their passwords.
Many cyberattacks succeed due to human error, rather than technical failure. Ensure staff attend training and are aware of the latest threats to minimise the risk cyber threats pose to the business.
In a hyperconnected, real-time, digital world, organisations often still interact and transact using analogue methods. Adjusting to mass collaboration between departments and adopting scalable processes to enable innovation are the core pillars of success for procurement.
The fifth annual Americas Congress 2018 will address the issues that are central to successfully accelerating functional and cross-functional performance in this disruptive environment.
Join the discussion alongside 200+ procurement innovators next March. Click here to download a copy of the agenda.
This article is a piece of independent writing by a member of Procurement Leaders’ content team.