By Jake Olcott, VP of Government Affairs at BitSight.
All areas of risk management involve blind spots, including supply chain risk management. To be effective in this field, risk professionals must account for risks from a wide variety of sources, from bad password management to geopolitical upheaval. Supply chain risks can be difficult to detect, unpredictable, and fast-moving.
Thankfully, technology companies have made the process of managing risk in the supply chain easier. These companies put big data, machine learning, and artificial intelligence to work to increase visibility for risk professionals, giving them the ability to more effectively monitor, prepare for, and mitigate supply chain risks.
Depending on the nature of their supply chains, professionals should consider adding at least a few of these supply chain risk management solutions to their toolbox.
One of the most important components of any supply chain risk management programme is an up-to-date map of supplier relationships. The more detail this map includes, the more insights risk professionals can draw from it, helping them to monitor and mitigate supply chain risk.
For most companies, mapping tier-one suppliers is relatively easy. However, true visibility requires knowing who supplies the suppliers. These maps can get very complex very quickly; relying on humans alone to create and maintain them can lead to missed connections and relationships.
A variety of technology providers have stepped in to solve the problem, leveraging artificial intelligence to help businesses map their global supply chains, and produce automated insights about potential risks.
That’s all well and good for physical supply chains, but what about digital ones? After all, risks to technology vendors like cloud services providers and operations software companies can be just as costly as risks to physical suppliers.
Organisations need to be working with solution providers to utilise externally-available data, to map digital supply chains. These can also be used to identify fourth and fifth-tier connections and single points of failure, which could introduce additional risk.
Environmental Risk Solutions
Artificial Intelligence and Big Data are now being employed to help businesses predict and respond to weather events faster than ever before. These solutions use a combination of forecasting data, real-time updates on infrastructure status, historical data, and compliance factors to deliver risk insights that would not have been possible in the past.
Supply chain risk management solutions give businesses the ability to track the environmental risks affecting shipments. These risks can be quantified and continuously updated, giving risk professionals the power to predict, in real-time, how whether shipments along their supply chain will be delayed by bad weather.
Code Verification Solutions
Within a digital supply chain, one of the greatest risks is vulnerabilities introduced by third-party code that has been integrated within a proprietary system. This is exactly the kind of threat that caused a major data breach at Ticketmaster earlier this year.
Therefore, solutions like IBM’s ‘AppScan’ and CA Veracode, are an integral part of the supply chain risk management toolbox. All third-party code should be scanned for integrity before it’s allowed anywhere near internal systems or data.
Geopolitical Risk Solutions
With so many businesses relying on suppliers and providers on the other side of the world, it can be easy to overlook geopolitical risks to the supply chain.
However, risk professionals in the West can’t be expected to become experts in the complex political realities of China or India, for example. So, how can you know whether your critical partners that are based overseas, are at risk?
Believe it or not, technology helps in this arena as well. Aggregating data from social media, news outlets and other sources, can be analysed with natural language processing and machine learning algorithms. This can subsequently provide indicators of political risk, in near real-time.
Vendor Risk Management Solutions
Whether we’re talking about the physical or digital supply chains, cyber risk is a major consideration. Well-known cybersecurity events like Heartbleed, Petya, and WannaCry, can take down huge swathes of a business’s supply chain almost immediately. Every business is subject to cyber threats, and those who are unprepared to defend against them risk operational disruption, regulatory violations, and data breaches.
This is where security rating tools can indicate the overall cybersecurity posture of an organisation, based on external-facing data. This information includes metrics related to compromised systems, user behaviour, and diligence. Updated daily, these can be used to quickly ascertain how prepared an organisation’s entire supply chain is for a potential cyber-attack.
Armed with this visibility into the cyber risk exposure of their suppliers, risk professionals can take the necessary steps to mitigate any potential issues before they get out of hand. Not every company needs to use all of these solutions. However, they should undertake continuous monitoring and advanced analytics, to improve visibility into supply chain risk.