What You Should Know About Procurement Cybersecurity
November 2, 2022

The logistics industry has evolved, leveraging technology and software to improve and streamline its supply chain processes. The transportation and logistics sectors have modernized operations through digitization, allowing for automated ordering and improvements in shipment tracking. But as the industry becomes more digital, it also increases its risk of becoming a victim of sophisticated cyberattacks.

According to a report released on CyberTalk.org, the transportation and logistics sectors experienced a 186% increase in ransomware attacks between June 2020 and June 2021. The motives behind cyberattacks range from political to competitive. But an alarming number of cyberattacks are carried out for ransom or by a malicious insider.

The depth of a data breach risk

The procurement cycle involves people, processes, technology, and regulation factors – increasing a logistics company’s overall risk exposure. While the online nature of procurement comes with many advantages, it also leaves it open to a growing number of cybersecurity threats. Resource planning solutions store and transmit sensitive customer and vendor information, including:

  • Names and private data – full names, birthdates, and social security numbers
  • Addresses – home and office locations
  • Account information – invoices, enterprise tax information, and purchase history
  • Financial data – credit cards and bank accounts
  • Vendor and supplier data – contracts and bids

Data breaches can lead to expensive lawsuits, brand damage, and revenue loss. And depending on the attacker’s intentions, a breach can expose corporate secrets. Remediation costs can reach hundreds of thousands or millions, depending on the size of logistics operations and the extent of supply chain disruption.  

Fortifying cybersecurity measures to mitigate risk

Because the procurement process involves processes, employees, and compliance policies, a logistics company’s cybersecurity efforts must cover all contributing factors when developing its cybersecurity framework. To reduce risk, the procurement department should:

Train staff properly

Employees who are not sufficiently trained in cybersecurity make it easier for cybercriminals to gain access to systems. Staff should be aware that files from unknown and unsolicited sources can be vectors for attacks. Employees should be educated on the safe use of their mobile devices and the risks of using public WiFi.

Audit current capabilities and assess levels of risk

Beyond understanding the severity and potentially crippling impact of threats, procurement companies need to identify vulnerabilities and points of access. Understanding the possibility of intrusion will help identify the need for defense mechanisms. When degrees of risk have been recognized, the procurement team, in collaboration with the IT department, should determine whether their existing technology and software are enough to detect and neutralize cyberattacks. The goal should be to prioritize security threats impacting critical assets.

Monitor security controls regularly

Cybersecurity management requires a due diligence process, demanding regular and continuous monitoring and preventive measures. Attackers are also developing new tactics to break into systems and gain access as the logistics industry evolves to become more digital and automated. Therefore, streamlining internal processes and leveraging the right defensive tools should always be part of the procurement process’s risk-based approach.

Enforce cybersecurity assessment of suppliers' ICT products, processes and services 

According to a recent report by ENISA, 62% of cyberattacks that occurred in 2021 exploited the confidence that companies have in their suppliers. To mitigate the risks, companies should verify the level of cybersecurity of the ICT products, processes and services that they acquire from third-party suppliers. They could rely on cybersecurity requirements defined in standards such as EN 303 645 for consumer IoT products, and could be supported by third-party labs or tools such as CyberPass to enforce conformity assessment and manage the level of security during the whole life-cycle.

If you wish to learn more about procurement cybersecurity, get in touch with specialized experts.