sb-nz logo
Story image

Disruption in the supply chain: Why IT resilience is a collective responsibility

14 Dec 2018

Article by Sandra Bell, Head of Resilience, Sungard Availability Services

Organisations are built upon complex and diverse networks of interconnected players. However, the technology that has enabled these players to work together can also make them vulnerable. 

On one hand, the globalisation of information systems has provided the means for organisational growth and economic prosperity through the easy access of highly available information. On the other, it has facilitated the democratisation of the cyber threat by making the skills and knowledge to exploit information systems widely available. 

Likewise, disruption, of any type, at one end of the chain can reverberate throughout the entire network. For example, the so-called ‘NotPetya’ attack originated from a single implementation targeted at Ukraine but ultimately spread well beyond its borders along supply chains to affect numerous companies globally, causing hundreds of millions of dollars of damages.

But organisations do not have a monopoly on these communication structures and social media has enabled highly public two-way conversations between those at the root of the disruption and those impacted by it, providing a platform for the latter to voice their grievances. 

Unfortunately for organisations, this can have potentially devastating consequences for their relationships with stakeholders and the reputations on which they are built. Competition is fierce, and these stakeholders can, and will, take action to cut businesses out of their global supply chain if they are considered a risk.

Mitigating supply chain risk

Business Continuity teaches us to minimise our supply chain risk by having multiple suppliers for key products and services. 

It has also become common practice to try to further reduce risk by arms-length contracting and “incentivising” supplier performance with hefty fines for non-delivery. These are both excellent strategies if all you want to do is “survive” a disruption. 

However, the modern consumer, who has access to the global marketplace, is no longer satisfied to wait for an organisation to execute a heroic recovery and will vote with their feet at the first sign of trouble.

Organisations, therefore, need to be able to “thrive” despite uncertainty and disruption. To do this, they need friends.

Best practice for networked operations

There are three key ingredients to being able to thrive. First, businesses need to be adaptive, knowing when to change and optimising operations according to the outside environment. Leadership is also crucial – with leaders instilling in people the will to succeed during challenging times. The third and final area - one which is frequently neglected by organisations - is their network. 

Forging and maintaining effective relationships with stakeholders, customers and suppliers is a key component not simply to being able to maintain successful operations, but also to maintaining a competitive advantage and achieving profit and growth. 

This is where an IT can really help. We saw earlier that globalised IT systems facilitated growth and how it has been used against us to create a vulnerability. But if organisations have resilient IT both internally and with their partners, they can also use it to ensure that relationships do not crack under pressure. 

Using IT resilience to promote trust agility and collaboration

How can organisations move from arms-length adversarial relationships to one where they are mutually supportive without placing themselves at undue risk? The first thing to do will be assessing the value of each relationship.

 For example, if the value is measured simply by the commercial contribution that each person makes, the relationship will only be safe when a hard value is being provided.

In contrast, closely coupled networks - where parties help each other out when things go wrong - will be more resilient. Highly collaborative relationships where knowledge and insights are shared mean that people will think twice about dropping you like a stone when things go wrong.

Here are five ways organisations can use IT resilience to create collaborative relationships and boost resilience:

  1. Aim for flexible business relationships - Flexible relationships facilitated by regular information exchanges are mutually beneficial and supportive rather than adversarial. The marker of a resilient organisation is one that is not totally averse to taking risks, and look instead at how the risks of the entire value chain can be best shared among its players
  2. Build strong communications – Shared resilient IT will provide multiple channels through which you can have a constant dialogue with your suppliers, vendors and customers. It will also allow you to talk to them at the earliest stage possible when something goes wrong demonstrating foresight, agility and integrity which will help businesses to avoid grievances being shared on social media
  3. Show commitment to the relationship – Work together to build resilient connections. Businesses that have a vested interest in working on joint future products and services signal to the rest of the network that they are investing for the future rather than just in it for the profit
  4. Ensure that relationships are a strategic issue – IT resilience is often seen as a cost or an insurance for when something goes wrong. However, relationships can be existential. Therefore, if you want the attention of the board make corporate resilience your driver for IT resilience
  5. Practice as a team – When multiple organisations respond together, things get complex. A football team wouldn’t enter into a tournament where the first time the players meet is on the pitch. Organisations should, therefore, use their IT infrastructure connection to wargame their responses to different scenarios and learn how each other responds before it has to be done for real

Weathering the storm

A simple software glitch somewhere in your supply chain is all it takes for you to experience disruption. While most organisations will invest time and money drawing up contingency plans to get the business back on its feet in as short a time as possible, attention must also be paid to the impact a disruption can have on the networks in which they are embedded. 

A robust and agile IT infrastructure can not only be used for transactional purposes between customer and supplier but can also be used to ensure that key relationships with other components of the supply chain are nurtured. A truly resilient organisation will invest in building strong relationships 'while the sun shines' so they can draw on goodwill when it rains.

Link image
Webcast series: The necessary tools to secure a remote workforce
Experts from across the A/NZ region discuss the best security practices in a remote working world - with sessions available on the first Thursday of every month.More
Story image
Emotet malware is on a rampage after months of silence
CERT agencies around the world are reporting a surge in cyber attacks related to the Emotet malware, which is being distributed by email.More
Story image
Global attack volume down, but fraud and cyber threats still going strong
“The move to digital, for both businesses and consumers, has been significant. Yet with this change comes opportunity for exploitation. Fraudsters look for easy targets: whether government support packages, new lines of credit or media companies with fewer barriers to entry."More
Story image
Jamf extends Microsoft collaboration with iOS Device Compliance
Organisations will soon be able to use Jamf for Apple ecosystem management while using Azure Active Directory and Microsoft Endpoint manager to maintain conditional access.More
Story image
5 ways to use data science to predict security issues - Forcepoint
Data science enables people to respond to problems in a better way, and to also understand those problems in a way that would not have been possible 50 years ago.More
Link image
How to better protect your organisation's most valuable asset - its data.
Data resilience strategies are becoming increasingly critical in relation to the skyrocketing value of data and the proliferation of malicious entities wishing to steal it.More