As any CSO knows, it's not enough to mind your own business. You have to look after your business partners as well, across all links that connect to your supply chain--whether that chain is physical or virtual. And that goes double in times of rapid change and high stress.
"The threat environment is constantly changing," says Ryan Brewer, CISO for the Centers for Medicare and Medicaid Services. "Sometimes it's hard to put your finger on what's most important."
Who would have thought three years ago that piracy on the supply chain would be such a big concern? Sometimes the big worry is terrorism, sometimes it's natural disasters, lately it's malware. Here are the top five developments CSOs say have the biggest potential to wreak havoc on their supply chains.
No. 1 Game-Changing Force: 'Black Swan' Events
As Nassim Nicholas Taleb explained in his 2007 book of the same name, the term "black swan" refers to an event that is high-impact, hard to predict and rare. Black swans need not be negative (as in the case of 9/11) and can present times of great opportunity, but CSOs rightfully spend their time worrying about the former scenario.
When it comes to the supply chain, black swan events can include everything from disastrous weatherto global pandemicto terrorist attacks. The problem is, if you prepare for the worry du jour, you may leave yourself exposed on other fronts. Case in point: avian flu. Warned that a large-scale outbreak of Asian bird flu would put supply chains at risk, global businesses braced for the worst. Executives discussed how the supply chain might be affected if the flu broke out in China. Their plans rested on transporting and storing materials in other places around the world.
Then, early this year, H1N1 flu broke out in Mexico and spread quickly to unexpected regions like Australia. "Companies had to immediately reassess their plans because they were based on specific scenarios," says Adam Sager, senior manager of business continuity consulting at Control Risks, a security consulting firm in Washington. This was a major wake-up call. "Companies realized they needed to better prepare for unexpected events and increase their knowledge of how their organizations could be impacted. If something is emerging on a global basis, they need to act before it affects their supply chain," says Sager.
When a crisis hits--no matter where on the globe--you need to be able to understand and assess the situation using firsthand country- and location-specific information, says Sager. And you need bidirectional communication between crisis managers and the locale where the event is occurring. Sager notes that companies are discovering gaps between their crisis plans and their operations.
Sign up for Computerworld eNewsletters.