In recent years, malicious actors like cyber criminals have turned their attention to the supply chain. scoutbee's cyber security team has now created a bespoke information security framework, specifically designed to meet and exceed the unique challenges faced by our customers. The elements of scoutbee's security framework are designed to proactively drive improvements in quality and security.
During the last 5 years, the change within companies’ procurement departments has intensified. In many cases, the change is supported by the use of scoutbee’s AI-powered supplier search and/or supplier information management, using smarter data to empower a more proactive approach to strategic supply chain challenges, which has resulted in reduced risk and costs, both in terms of materials and man hours, and faster innovation.
The Information Security threat landscape has also changed significantly in recent years. As enterprises have bolstered their cybersecurity capabilities, malicious actors targeting large mature organizations have turned their attention to the supply chain and partners of those organizations, either to gain a foothold or to directly access the enterprise data these partners may hold.
- The 2021 report by the European Agency for Cyber Security [ENISA] predicts a four-fold increase in supply chain attacks in the coming year.
- “Thieves are primarily after corporate secrets […] such as patents and trademarks. Most valuable to perpetrators are trade secrets and proprietary business information that can be monetized quickly.” [Deloitte]
- “63% of data breaches come from exploiting internal weak points in a company’s customer & vendor network.” [McKinsey]
A security framework for the safety of our customers
To stay ahead of this rising threat, and to verifiably ensure the safety of our customers’ data (including their intellectual property and supply chain details), scoutbee has invested in and built up, under the lead of CISO Greg van der Gaast, an information security function that has developed a bespoke framework to address the needs of our business, our industry, and our customers. The elements of scoutbee's security framework are designed to proactively drive improvements in quality and security, reassuring our customers that their data will be secure now, and in the future.
scoutbee’s proactive approach to information security
Organizations that actively scan their network for vulnerabilities and then work through the resulting list, fixing or mitigating each item, are often described as having a proactive approach to information security. Whilst this is certainly an improvement over the traditional system of reacting and remediating, and is a positive step on the journey, scoutbee recommends additional proactive measures to better protect customer data.
scoutbee’s pioneering framework is designed to comprehensively deliver around the 3 P’s of information security in proactive procurement:
To drive proactive information security, you need the entire company to be your eyes and ears, not just the infosec team. Everyone from the janitor to the CEO needs to feel confident that they can raise issues as and when they see them, without fear of blame or reprisals. This is something we have started to implement through our pioneering application of the Human Factors Analysis and Classification System [HFACS] to information security. We’ll talk more about that in the next few weeks…
Processes play a huge role in proactive security by helping prevent issues from occurring in the first place. If a process is poorly defined, it’s easy for people to make mistakes; if it’s too complex, people will find a way to circumvent it; and if it doesn’t exist at all, there is no consistency in the way things are done. Clear, concise and well-documented processes will define what we at scoutbee do, enabling staff to consistently work in a secure manner.
scoutbee works with industry-leading vendors’ products and services that enable us to monitor our systems in real time and to find vulnerabilities and attack paths. The visibility these tools give us enables our team to proactively fix or mitigate issues, as well as helping us understand the processes that allowed them to occur so that we can fix those too.
The scoutbee approach to information security in proactive procurement will ensure our customers’ data and our systems remain secure in the face of an evolving threat landscape for supply chains.
This is only the first part of a series on the work of our information security team. Please follow our journey to provide state-of-the-art information security on our blog and stay tuned for the next article!