Corporate cyber-resilience in the purchasing department
Cybersecurity is an increasingly recurrent agenda within companies, especially in relation to indirect material purchasing departments, since the complexity of the corporate environment provides the emergence of gaps for new and complex fraud risks.
Here we highlight the indirect material purchasing departments, but it is important for the entire company. But why is cybersecurity so important to a company?
The main purpose of cybersecurity is to protect data. Hackers around the world may plan to obtain confidential information for illegal activities, such as setting up fake online accounts to purchase products. Cyber criminals direct their attention to companies due to their large amount of important and sensitive data.
Considered a protection for the information that is processed, stored and transported in interconnected business systems, security in the virtual space is essential for the business when it comes to blocking digital threats.
When it comes to corporate cybersecurity, we can highlight two distinct scenarios:
- The first is the fact that organizations take on fraud protection on occasion.
- The second shows that there is a contradiction between what executives responsible for security in large companies believe can happen (or not) in relation to security risks and what actually happens in practice.
There is a contradiction between the understanding reported by the executives interviewed for a survey conducted by Gartner Research and the reality of the attacks suffered by organizations, which demonstrates that there are still many problems related to the subject in the corporate environment.
The so-called cyber risks (cybernetic or virtual risks) are growing more and more and companies and organizations around the world must accompany this growth, being prepared for such.
Cyber-resilience cannot be achieved if the company only protects itself; it should ensure that all organizations connected to the company comply with the necessary standards.
Organizations should also exchange knowledge and experiences, share information about common threats, dialogue with governments to facilitate the adoption of standards and expand cooperation between organizations. All of this requires cyber leaders to engage in such dialogues and connect technology experts with business and government representatives.
The Three Pillars of Global Cyber Resilience
Promoting cyber awareness
The first pillar requires leaders to explain why cybersecurity is important, how to implement a risk-containment strategy in each organization, as well as basic cyber hygiene rules.
Cyber hygiene is a term that refers to best practices and other activities that computer system administrators and users can perform to continuously improve digital security while participating in online activities, such as web browsing, sending emails, text messages, etc.
The second pillar implies that the necessary cybersecurity norms and rules must be implemented in companies, sectors, and countries.
Many business leaders who have not yet experienced a devastating attack probably don’t believe it can happen to them. They see no value in investing in this sector.
However, in many cases, these leaders don’t evaluate all the losses and long-term consequences that a cyberattack can cause. And, most importantly, they don’t take into account the risks they might pose to other organizations they are working with or otherwise related to.
Appropriate standards and compliance rules at the industry and government levels are needed to meet this challenge, and cyber leaders need to participate in the creation and implementation of these regulations.
The third and most important pillar is cooperation. Cybercriminals collaborate with each other and share information and insights to launch massive and devastating attacks. Collaboration allows them to stay one step ahead.
Organizations around the world need to exchange data on incidents and threats, work together on international action, and not let geopolitical turmoil stop this process.
Applying the concept of cyber-resilience in the purchasing department
The purchasing department is extremely connected to other companies and supply chain agents located around the world. This interconnection and use of software end up leaving this area even more vulnerable to hacker attacks, and can be a gateway for them to have access to sensitive information from other departments of the organization.
This complex context in which the purchasing department is inserted makes it a protagonist in cybersecurity strategies. Based on the pillars explained above, we can define four actions to protect the sector.
Adopt a cybersecurity mindset
Any computer can serve as hacker access to the organization’s systems. Therefore, it is necessary for the entire team to have a vigilant eye for software failures and errors to alert the responsible departments before the problem becomes large and can have a major impact on operations.
It is important for the team to participate in training on the subject so that everyone understands what to pay attention to. In these preparatory trainings, show the team the importance of the cooperation pillar of cyber-resilience. Communication between the team is necessary for attacks to be fought together and for information to be shared about the types of threats and their identification.
The establishment of constant and close communication with the Information Technology departments is also fundamental for the efficiency and speed of responses to attacks.
Map cyberattacks into risk management strategy
The department’s strategic risk management plan must map out the possible attacks that the sector could suffer and instructions on how to respond to each one of them.
Benchmark with partner companies and seek to understand the type of attacks they have suffered and how they protect themselves or solve the problem. Understand the technological resources and skills of the technical teams needed to draw up action plans for each scenario.
Do this same job with vendors. Remind them that systems throughout the supply chain are connected, and attacking one link can have serious consequences for everyone.
Establish defense protocols
As internal studies of cyberattacks are carried out — combined with team training and external benchmarking — you should document findings and develop protocols and checklists of what to do in each type of situation. This knowledge management will make attacks more easily countered by everyone on the team, should they happen again.
Have reliable partners
When choosing a vendor or new partner, remember to check their compliance documents and understand how they manage cyber risk and if there are cybersecurity protocols.
Be part of the change
In an increasingly fast, complex, interconnected world that demands more and more transparency from organizations, it is not possible to continue operations without the team having a corporate cyber-resilience mentality and being trained to fight possible attacks.
As we’ve talked about in our blog on other occasions, to be a successful professional, technical skills and emotional intelligence are not enough today, since it is extremely important to have holistic knowledge about the network connections of supply chains, and the technology that is associated with them.
Paying attention to new market trends — especially the challenges faced by other companies, from other countries and markets — is essential for the development of each professional and the purchasing department as a whole.
To help you on this journey, the Soluparts blog always brings updates on the latest trends, technologies, and techniques in the market, so you don’t miss out on anything. Subscribe to our newsletter and receive our articles in your email monthly.