Much has been made of the Target security breach. And rightly so. It has been disruptive not only to Target, their investors, and their employees, but also to the very people who made them commonly referred to as Targét: their consumers. But what makes them different from any other retailer or customer-facing enterprise?
They got caught.
As the term ‘supply chain risk’ grows in common conversation, is it really all that new? We’ve seen the definition of supply chain risk morph across the lifecycle of supply chain processes from quality… to security… to resiliency… to the current focus on product integrity of hardware, software and services (as in the Target situation). But what makes it all different?
First and foremost, an enterprise needs to understand their internal risk tolerance and the areas where they have exposures – or vulnerabilities – that can be exploited when dealing with an intentional or unintentional malicious act. In the Target breach, it is yet to be seen whether the services organization intended to hurt Target, or whether two unintended actions created this malicious reaction and impact. Even the Federal Government is getting in on the act, as seen in the H.R.3547 – Consolidated Appropriations Act, 2014.
What’s the solution? Know where you are exposed. I’m not suggesting building iron walls around your business – but you do need to take an inventory of where opportunities exist to wreak havoc in your daily operations and understand the level of risk. Then seek out increased direct engagement with your supplier base – both the prime supplier as well as any upstream suppliers. This may be through supplier questionnaires or via open source business intelligence and analytics. You might be surprised how much you can learn from the internet about your suppliers – things they might not even know about themselves.
We are a global economy and it is getting increasingly difficult to find the true beginning and end of anyone’s supply chain. As the multiple Target articles point out, you are only as strong as your weakest link.
Did the supplier mean to impact Target this way? Or was it simply lax network security measures that allowed the services provider to pass along this massive impact to Target and their customers? Yet to be seen. Do we think Target is doing much homework on all of their other suppliers that touch their network?
We sure hope so.
And we hope you don’t need your own ‘Target experience’ to begin understanding your internal risk tolerance and where you are exposed, and to start working with your suppliers to plug these opportunities for impact.