SlideShare a Scribd company logo
Developing a contingency plan and
avoiding disruptions from a security
breach
Danie Schoeman
5 November 2015
A changing landscape
The road to globalisation – and greater
risk
1. World Economic Forum Study 2012, Insurance News; 2. Deloitte 2012 Risk Management Report; 3. BCI Supply Chain Resilience Survey 2014;
4. Ruud Bosman (2006) - The New Supply Chain Challenge: Risk Management in a Global Economy, Factor Mutual Insurance
“81% of respondents report
at least one instance of
supply chain disruption in
2013.3”
Increasing complexity and fragility
Adapted from G. Linden, K.L. Kraemer, and J. Dedrick (2009), “Who Captures Value in a Global Innovation Network? The Case of Apple’s iPod”,
Communications of the ACM, March 2009, Vol. 52, No. 3, pp. 140-144; World Economic Forum Global Risks 2015.
$80
$75
$85
$19
$27
$7
$5
$1
$40
$80
$75
$85
$19
$27
$7
$5
$1
$40
Apple (Margin) Distribution and Retail Major Components
Other Inputs Japan (Margin) USA (Margin)
Taiwan (Margin) Korea (Margin)
The Chief Supply Chain Officer
agenda
43%
55%
56%
60%
70%
Globalization
Cost Containment
Customer Intimacy
Risk Management
Supply Chain Visibility
IBM, The Smarter Supply Chain of the Future - Insights from the Global Chief Supply Chain Officer Study 2010
Full of risk
Typical supply chain risks
Business
continuity risks
•Natural disasters
•Man-made disruptions
•Supplier redundancy
& contingency
Security risks
•Cargo disruption
•Cargo theft
•Hijacking exposure
•Unmanifested cargo
•Information/cyber
attacks
•Sea piracy
•Supply chain terrorism
•Anti-western terrorism
Brand protection
risks
•Facility traceability
(forced & child labour)
•Compliance to social
& human rights
•Compliance to
environmental, health
& safety
•Counterfeiting
•Intellectual Property
violations
Geopolitical risks
•Political stability
•Economic & financial
stability
•Corruption
•Crime & government
effectiveness
•Employee screening
practices
Causes of supply chain disruption
0% 10% 20% 30% 40% 50% 60% 70% 80% 90%
Environmental incident
Intellectual Property violation
Product quality incident
Health & Safety incident
Animal disease
Earthquake/tsunami
Insolvency (in the supply chain)
Human illness
Civil unrest/conflict
Industrial dispute
Outsourcer service failure
Adverse weather
Energy scarcity
Lack of credit (cost, availability)
Currency exchange rate volatility
New laws or regulations
Loss of talent/skills
Act of terrorism
Fire
Business ethics incident
Data breach
Cyber attack
Transport network disruption
Unplanned IT/telecoms outage
High Impact Some Impact Low Impact
Security risks
Business continuity risks
Brand protection risks
Geopolitical risks
BCI Supply Chain Resilience Survey 2014; G4S Analysis
Identifying security breaches
Cyber attacks
Verizon 2015 Data Breach Investigations Report
0,1%
3,1%
3,3%
8,1%
9,4%
10,6%
18,0%
18,8%
28,5%
Denial of service
attacks
Payment card
skimmers
Physical theft and
loss
Miscellaneous
errors
Web app attacks
Insider and
privilege misuse
Cyber espionage
Crime ware
Point of sale
intrusions
Almost all cyber attacks can be
classified by 9 patterns
24% 16% 16%Transportation
Cyber-espionage Insider and privilege misuse Web app attacks
WEB APP ATTACKS
When attackers use stolen
credentials or exploit
vulnerabilities in web
applications — such as
content management
systems (CMS) or e-
commerce platforms.
INSIDER AND PRIVILEGE
MISUSE
This is mainly by insider’s
misuse, but outsiders (due to
collusion) and partners
(because they are granted
privileges) show up as well.
Potential culprits come from
every level of the business, from
the frontline to the boardroom.
CYBER-ESPIONAGE
When state-affiliated actors
breach an organization, often
via targeted phishing attacks,
and after intellectual property.
Typical cyber attack incidents for
transport & logistics
of the incidents in an industry can be described by just
three of the nine patterns.
Verizon 2014 & 2015 Data Breach Investigations Report
ON AVERAGE
72%
Cyber attacks are physical
of insider and
privilege misuse
attacks used the
corporate LAN.
of theft / loss
happened at
work.
of miscellaneous
errors involved
printed
documents.
Verizon 2014 & 2015 Data Breach Investigations Report
85%
49%
55%
Look inside your company
0% 5% 10% 15% 20% 25% 30% 35% 40%
Unknown
Domestic intelligence service
Foreign nation-states
Competitors
Activists / activist organisations / hacktivist
Organised crime
Hackers
Suppliers / business partners
Former service providers / consultants / contractors
Current service providers / consultants / contractors
Former employees
Current employees
Likely sources of incidents
All industries in all regions Transportation & Logistics
PWC Global State of Information Security Survey 2015
Screening and vetting is business
critical
0% 10% 20% 30% 40% 50% 60% 70% 80%
Conduct personnel background checks
Require 3rd parties to comply with our privacy policies
Employee security awareness training programme
Priviledged user access
Secure access-control measures
Accurate inventory of where personal data for
employees and customers are collected, transmitted…
Employee Chief Information Security Officer in charge
of security
Information security strategy that is aligned to the
specific needs of the business
Security safeguards in place
All industries in all regions Transportation & Logistics
PWC Global State of Information Security Survey 2015
Cargo theft
FreightWatch International
Cargo theft
Non-residential
Robbery & Burglary
SAPS - Crime Situation in South Africa (Released 29 September 2015)
0
200
400
600
800
1000
1200
1400
1600
4000
4200
4400
4600
4800
5000
5200
5400
5600
Numberofincidents
Numberofincidents
Burglary Robbery
Hijacking exposure
SAPS - Crime Situation in South Africa (Released 29 September 2015)
Truck hijacking
0
10
20
30
40
50
60
70
80
90
Numberofincidents
Sea piracy
Based on info from IMO, IMB, ReCAAP
Sea piracy – current activity
ICC: International Maritime Bureau Piracy & Armed Robbery Map 2015
Corruption
2014 Transparency International
Customs “integrity”
Brazil
Russia
India
China
South Africa
Morocco
Rwanda
Nigeria
Gabon
Ghana
Ethiopia
Benin
Angola
Uganda
Cameroon
Gambia
Kenya
Egypt
Hong Kong
Indonesia
Korea, Rep.
Malaysia
Philippines
Singapore
Taiwan
Thailand
0
0,2
0,4
0,6
0,8
1
1,2
0 1 2 3 4 5 6 7
CustomsTransparencyIndex
Irregular Payments (1 = common, 7 = never occurs)
Honest Joe’sHonest Crooks
AngelsDark Horses
DS&C Analysis, WEF ETI (2014)
Major factors contributing to
security breaches
C-TPAT Program Study June 2009
90%
68%
53%
44%
41%
35%
34%
Involved “trucks” as the mode of
transportation for breached cargo
Security procedures not followed (lack of
checks, balances, accountability)
Inadequate transportation monitoring
Lack of seal procedures
Containers, trailers, pallets, etc. Not
secured/properly inspected prior to loading
Failure to screen business partners
Conveyances not inspected
Consequences of security breach
Consequences of supply chain
disruptions
BCI Supply Chain Resilience Survey 2014
5%
7%
7%
7%
18%
18%
24%
27%
34%
35%
38%
41%
45%
48%
59%
Share price fall
Product recall/withdrawal
Fine by regulator
Payment of service credits
Increase in regulatory scrutiny
Loss of regular customers
Product release delay
Stakeholder/shareholder concern
Delayed cash flows
Damage to brand reputation
Service outcome impaired
Customer complaints received
Loss of revenue
Increased cost of working
Loss of productivity
Significant losses
BCI Supply Chain Resilience Survey 2014
49%
17%
10%
18%
4%
1% 0% 1% 0%
Making a plan
Contingency planning
Conduct a
Threat
Assessment
Identify and
Review Core
Business
Functions
Conduct a
Business
Impact
Analysis
Apply
Prevention
and Mitigation
Measures
Implement
Tests and
Maintain the
Plan
What can go wrong?
What are the exposures
to the supply chain?
Look for your
Achilles' heel.Have a well-
thought-out
plan.
Test the plan!
What does the combination Step #1
and #2 can do to your business?
Risk mitigation strategies
 Research, analysis, training, and guidance to
support your company through supply chain
security efforts such as TAPA, C-TPAT, AEO and
Maritime ISPS for review and support, security
criteria gap analysis, financial risk exposure review,
and continual improvement support.
 Utilising business continuity management
standards such as ISO 22301:2012, ISO/IEC
27001 information security management and
ISO 28000 2007 supply chain security
management standard.
 Supplier oversight and cargo custody controls.
 Utilising comprehensive supply chain security intelligence resources, including trade and compliance
intelligence, global supply chain security risk data and analysis.
 Using real-time trade interruption updates and reports on major disruption incidents, countermeasure
programs, and risk mitigation best practices. Country-specific reports on supply chain terrorism, cargo
disruption, business and political climate, population and culture, economy and trade, transportation
infrastructure, general governance, export control governance, employer security practices, and customs-
trade supply chain security programs.
 Thorough vetting of your supply chain and participating firms’ supplier base.
 Automating the supplier risk assessments for Anti-Western terrorism and cargo disruption data.
 Modelling the risk of global cargo tampering data and terrorism.
The payoff
Benefits to you
 Decreased supply chain disruptions
 Effectively protect and manage your supply chain with the ability to
productively respond to stresses
 Decreased losses and lower associated production costs
 Improved business continuity via a more robust, resilient, and responsive
supply chain
 Increased supply chain visibility and improved lead-time predictability
 Greater end-to-end transparency for improved process management and
efficiency
 Competitive advantages over industry rivals when supply chain risks arise
 Brand Protection
 Significant decrease in U.S. Customs inspections (up to 42.8%)*
 Increase in new customers for transport and logistics companies (35.2%)*
 Increase in sales (24.1%)*
 Access to the U.S. Customs FAST (Free and Secure Trade) program*
 Decreased wait time at the border (Green Lane)*
*The C-TPAT Cost/Benefit Survey - University of Virginia Center for Survey Research and the Weldon Cooper Center for Public Service
for the U.S. Customs and Border Protection Service August 2007
Thank you

More Related Content

Similar to Transport Forum 201511 lin

{d1a164b5-f3a5-4840-96b1-16dd83ccdda9}_Wells_Fargo_GIB_Cyber_security_100615_...
{d1a164b5-f3a5-4840-96b1-16dd83ccdda9}_Wells_Fargo_GIB_Cyber_security_100615_...{d1a164b5-f3a5-4840-96b1-16dd83ccdda9}_Wells_Fargo_GIB_Cyber_security_100615_...
{d1a164b5-f3a5-4840-96b1-16dd83ccdda9}_Wells_Fargo_GIB_Cyber_security_100615_...
Taiye Lambo
 
CPO Event - Louis Ferretti, What Every Procurement Professional Should Know ...
CPO Event - Louis Ferretti, What Every Procurement Professional Should Know ...CPO Event - Louis Ferretti, What Every Procurement Professional Should Know ...
CPO Event - Louis Ferretti, What Every Procurement Professional Should Know ...
Global Business Intel
 
Aon Retail & Wholesale Inperspective Nov 2016
Aon Retail & Wholesale Inperspective Nov 2016Aon Retail & Wholesale Inperspective Nov 2016
Aon Retail & Wholesale Inperspective Nov 2016
Graeme Cross
 
Form Responses 1TimestampUntitled QuestionRisk TableRisk IDID Da.docx
Form Responses 1TimestampUntitled QuestionRisk TableRisk IDID Da.docxForm Responses 1TimestampUntitled QuestionRisk TableRisk IDID Da.docx
Form Responses 1TimestampUntitled QuestionRisk TableRisk IDID Da.docx
alisondakintxt
 
2016 trustwave global security report
2016 trustwave global security report2016 trustwave global security report
2016 trustwave global security report
Marco Antonio Agnese
 
FORUM 2013 Cyber Risks - not just a domain for IT
FORUM 2013 Cyber Risks - not just a domain for ITFORUM 2013 Cyber Risks - not just a domain for IT
FORUM 2013 Cyber Risks - not just a domain for IT
FERMA
 
2015-ISBS-Technical-Report-blue-digital
2015-ISBS-Technical-Report-blue-digital2015-ISBS-Technical-Report-blue-digital
2015-ISBS-Technical-Report-blue-digital
James Fisher
 
2014-15 Cybersecurity Venture Funding and M&A
2014-15 Cybersecurity Venture Funding and M&A2014-15 Cybersecurity Venture Funding and M&A
2014-15 Cybersecurity Venture Funding and M&A
Nick Normile
 
Complicate, detect, respond: stopping cyber attacks with identity analytics
Complicate, detect, respond: stopping cyber attacks with identity analyticsComplicate, detect, respond: stopping cyber attacks with identity analytics
Complicate, detect, respond: stopping cyber attacks with identity analytics
CA Technologies
 
Future Watch: Cybersecurity market in South Africa
Future Watch: Cybersecurity market in South Africa Future Watch: Cybersecurity market in South Africa
Future Watch: Cybersecurity market in South Africa
Team Finland Future Watch
 
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
International Federation of Accountants
 
Cyber security 2013 - Technical Report
Cyber security  2013 - Technical Report Cyber security  2013 - Technical Report
Cyber security 2013 - Technical Report
Mandar Kharkar
 
Cyber risk reporting aicpa framework
Cyber risk reporting aicpa frameworkCyber risk reporting aicpa framework
Cyber risk reporting aicpa framework
James Deiotte
 
Cyber_security_survey201415_2
Cyber_security_survey201415_2Cyber_security_survey201415_2
Cyber_security_survey201415_2
Stephanie Crates
 
Emerging Trends in Information Security and Privacy
Emerging Trends in Information Security and PrivacyEmerging Trends in Information Security and Privacy
Emerging Trends in Information Security and Privacy
lgcdcpas
 
SCL Event - Louis Ferretti - IBM - Project Executive, Product Environmental ...
SCL Event -  Louis Ferretti - IBM - Project Executive, Product Environmental ...SCL Event -  Louis Ferretti - IBM - Project Executive, Product Environmental ...
SCL Event - Louis Ferretti - IBM - Project Executive, Product Environmental ...
Global Business Intel
 
15 Years of Web Security: The Rebellious Teenage Years
15 Years of Web Security: The Rebellious Teenage Years15 Years of Web Security: The Rebellious Teenage Years
15 Years of Web Security: The Rebellious Teenage Years
Jeremiah Grossman
 
Will the next systemic crisis be cyber?
Will the next systemic crisis be cyber?Will the next systemic crisis be cyber?
Will the next systemic crisis be cyber?
Arrow Institute
 
Employees And Fraud Risks - UiTM Masters in Accounting Special Lecture
Employees And Fraud Risks - UiTM Masters in Accounting Special LectureEmployees And Fraud Risks - UiTM Masters in Accounting Special Lecture
Employees And Fraud Risks - UiTM Masters in Accounting Special Lecture
Kenny Ong
 
Securing the C-Suite: Cybersecurity Perspectives from the Boardroom
Securing the C-Suite: Cybersecurity Perspectives from the BoardroomSecuring the C-Suite: Cybersecurity Perspectives from the Boardroom
Securing the C-Suite: Cybersecurity Perspectives from the Boardroom
IBM Security
 

Similar to Transport Forum 201511 lin (20)

{d1a164b5-f3a5-4840-96b1-16dd83ccdda9}_Wells_Fargo_GIB_Cyber_security_100615_...
{d1a164b5-f3a5-4840-96b1-16dd83ccdda9}_Wells_Fargo_GIB_Cyber_security_100615_...{d1a164b5-f3a5-4840-96b1-16dd83ccdda9}_Wells_Fargo_GIB_Cyber_security_100615_...
{d1a164b5-f3a5-4840-96b1-16dd83ccdda9}_Wells_Fargo_GIB_Cyber_security_100615_...
 
CPO Event - Louis Ferretti, What Every Procurement Professional Should Know ...
CPO Event - Louis Ferretti, What Every Procurement Professional Should Know ...CPO Event - Louis Ferretti, What Every Procurement Professional Should Know ...
CPO Event - Louis Ferretti, What Every Procurement Professional Should Know ...
 
Aon Retail & Wholesale Inperspective Nov 2016
Aon Retail & Wholesale Inperspective Nov 2016Aon Retail & Wholesale Inperspective Nov 2016
Aon Retail & Wholesale Inperspective Nov 2016
 
Form Responses 1TimestampUntitled QuestionRisk TableRisk IDID Da.docx
Form Responses 1TimestampUntitled QuestionRisk TableRisk IDID Da.docxForm Responses 1TimestampUntitled QuestionRisk TableRisk IDID Da.docx
Form Responses 1TimestampUntitled QuestionRisk TableRisk IDID Da.docx
 
2016 trustwave global security report
2016 trustwave global security report2016 trustwave global security report
2016 trustwave global security report
 
FORUM 2013 Cyber Risks - not just a domain for IT
FORUM 2013 Cyber Risks - not just a domain for ITFORUM 2013 Cyber Risks - not just a domain for IT
FORUM 2013 Cyber Risks - not just a domain for IT
 
2015-ISBS-Technical-Report-blue-digital
2015-ISBS-Technical-Report-blue-digital2015-ISBS-Technical-Report-blue-digital
2015-ISBS-Technical-Report-blue-digital
 
2014-15 Cybersecurity Venture Funding and M&A
2014-15 Cybersecurity Venture Funding and M&A2014-15 Cybersecurity Venture Funding and M&A
2014-15 Cybersecurity Venture Funding and M&A
 
Complicate, detect, respond: stopping cyber attacks with identity analytics
Complicate, detect, respond: stopping cyber attacks with identity analyticsComplicate, detect, respond: stopping cyber attacks with identity analytics
Complicate, detect, respond: stopping cyber attacks with identity analytics
 
Future Watch: Cybersecurity market in South Africa
Future Watch: Cybersecurity market in South Africa Future Watch: Cybersecurity market in South Africa
Future Watch: Cybersecurity market in South Africa
 
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
 
Cyber security 2013 - Technical Report
Cyber security  2013 - Technical Report Cyber security  2013 - Technical Report
Cyber security 2013 - Technical Report
 
Cyber risk reporting aicpa framework
Cyber risk reporting aicpa frameworkCyber risk reporting aicpa framework
Cyber risk reporting aicpa framework
 
Cyber_security_survey201415_2
Cyber_security_survey201415_2Cyber_security_survey201415_2
Cyber_security_survey201415_2
 
Emerging Trends in Information Security and Privacy
Emerging Trends in Information Security and PrivacyEmerging Trends in Information Security and Privacy
Emerging Trends in Information Security and Privacy
 
SCL Event - Louis Ferretti - IBM - Project Executive, Product Environmental ...
SCL Event -  Louis Ferretti - IBM - Project Executive, Product Environmental ...SCL Event -  Louis Ferretti - IBM - Project Executive, Product Environmental ...
SCL Event - Louis Ferretti - IBM - Project Executive, Product Environmental ...
 
15 Years of Web Security: The Rebellious Teenage Years
15 Years of Web Security: The Rebellious Teenage Years15 Years of Web Security: The Rebellious Teenage Years
15 Years of Web Security: The Rebellious Teenage Years
 
Will the next systemic crisis be cyber?
Will the next systemic crisis be cyber?Will the next systemic crisis be cyber?
Will the next systemic crisis be cyber?
 
Employees And Fraud Risks - UiTM Masters in Accounting Special Lecture
Employees And Fraud Risks - UiTM Masters in Accounting Special LectureEmployees And Fraud Risks - UiTM Masters in Accounting Special Lecture
Employees And Fraud Risks - UiTM Masters in Accounting Special Lecture
 
Securing the C-Suite: Cybersecurity Perspectives from the Boardroom
Securing the C-Suite: Cybersecurity Perspectives from the BoardroomSecuring the C-Suite: Cybersecurity Perspectives from the Boardroom
Securing the C-Suite: Cybersecurity Perspectives from the Boardroom
 

More from Danie Schoeman

SAPICS 2016 DSchoeman Ver2.3 Final lin
SAPICS 2016 DSchoeman Ver2.3 Final linSAPICS 2016 DSchoeman Ver2.3 Final lin
SAPICS 2016 DSchoeman Ver2.3 Final lin
Danie Schoeman
 
Vicenda DPF2016 DSC Ver1.3 Distribute lin
Vicenda DPF2016 DSC Ver1.3 Distribute linVicenda DPF2016 DSC Ver1.3 Distribute lin
Vicenda DPF2016 DSC Ver1.3 Distribute lin
Danie Schoeman
 
Fruit Logistica 2016 Logistics Hub Session 10 lin
Fruit Logistica 2016 Logistics Hub Session 10 linFruit Logistica 2016 Logistics Hub Session 10 lin
Fruit Logistica 2016 Logistics Hub Session 10 lin
Danie Schoeman
 
Fruit Logistica 2016 Logistics Hub Session 4 lin
Fruit Logistica 2016 Logistics Hub Session 4 linFruit Logistica 2016 Logistics Hub Session 4 lin
Fruit Logistica 2016 Logistics Hub Session 4 lin
Danie Schoeman
 
OHMC 201509 lin
OHMC 201509 linOHMC 201509 lin
OHMC 201509 lin
Danie Schoeman
 
Logistics security 201505 lin
Logistics security 201505 linLogistics security 201505 lin
Logistics security 201505 lin
Danie Schoeman
 
Securex South Africa 2015 lin
Securex South Africa 2015 linSecurex South Africa 2015 lin
Securex South Africa 2015 lin
Danie Schoeman
 
Cash Handling Show 2015 lin
Cash Handling Show 2015 linCash Handling Show 2015 lin
Cash Handling Show 2015 lin
Danie Schoeman
 
Vicenda 20091119 lin
Vicenda 20091119 linVicenda 20091119 lin
Vicenda 20091119 lin
Danie Schoeman
 
Vicenda 20070725 lin
Vicenda 20070725 linVicenda 20070725 lin
Vicenda 20070725 lin
Danie Schoeman
 
Cool Logistics 2013 lin
Cool Logistics 2013 linCool Logistics 2013 lin
Cool Logistics 2013 lin
Danie Schoeman
 
Eurofruit SH 2012 lin
Eurofruit SH 2012 linEurofruit SH 2012 lin
Eurofruit SH 2012 lin
Danie Schoeman
 
Allfresh 2012 lin
Allfresh 2012 linAllfresh 2012 lin
Allfresh 2012 lin
Danie Schoeman
 
Cool Logistics 2012 lin
Cool Logistics 2012 linCool Logistics 2012 lin
Cool Logistics 2012 lin
Danie Schoeman
 
ACI 20140807 lin
ACI 20140807 linACI 20140807 lin
ACI 20140807 lin
Danie Schoeman
 
Vicenda Summit 201407 lin
Vicenda Summit 201407 linVicenda Summit 201407 lin
Vicenda Summit 201407 lin
Danie Schoeman
 
Sapics 2014 lin
Sapics 2014 linSapics 2014 lin
Sapics 2014 lin
Danie Schoeman
 
How to Develop Resilient Supply Chains For The African Consumer Market
How to Develop Resilient Supply Chains For The African Consumer MarketHow to Develop Resilient Supply Chains For The African Consumer Market
How to Develop Resilient Supply Chains For The African Consumer Market
Danie Schoeman
 
The challenge of ensuring secure clinics and hospitals for patients and staff
The challenge of ensuring secure clinics and hospitals for patients and staffThe challenge of ensuring secure clinics and hospitals for patients and staff
The challenge of ensuring secure clinics and hospitals for patients and staff
Danie Schoeman
 
The Cost of Cost-cutting
The Cost of Cost-cuttingThe Cost of Cost-cutting
The Cost of Cost-cutting
Danie Schoeman
 

More from Danie Schoeman (20)

SAPICS 2016 DSchoeman Ver2.3 Final lin
SAPICS 2016 DSchoeman Ver2.3 Final linSAPICS 2016 DSchoeman Ver2.3 Final lin
SAPICS 2016 DSchoeman Ver2.3 Final lin
 
Vicenda DPF2016 DSC Ver1.3 Distribute lin
Vicenda DPF2016 DSC Ver1.3 Distribute linVicenda DPF2016 DSC Ver1.3 Distribute lin
Vicenda DPF2016 DSC Ver1.3 Distribute lin
 
Fruit Logistica 2016 Logistics Hub Session 10 lin
Fruit Logistica 2016 Logistics Hub Session 10 linFruit Logistica 2016 Logistics Hub Session 10 lin
Fruit Logistica 2016 Logistics Hub Session 10 lin
 
Fruit Logistica 2016 Logistics Hub Session 4 lin
Fruit Logistica 2016 Logistics Hub Session 4 linFruit Logistica 2016 Logistics Hub Session 4 lin
Fruit Logistica 2016 Logistics Hub Session 4 lin
 
OHMC 201509 lin
OHMC 201509 linOHMC 201509 lin
OHMC 201509 lin
 
Logistics security 201505 lin
Logistics security 201505 linLogistics security 201505 lin
Logistics security 201505 lin
 
Securex South Africa 2015 lin
Securex South Africa 2015 linSecurex South Africa 2015 lin
Securex South Africa 2015 lin
 
Cash Handling Show 2015 lin
Cash Handling Show 2015 linCash Handling Show 2015 lin
Cash Handling Show 2015 lin
 
Vicenda 20091119 lin
Vicenda 20091119 linVicenda 20091119 lin
Vicenda 20091119 lin
 
Vicenda 20070725 lin
Vicenda 20070725 linVicenda 20070725 lin
Vicenda 20070725 lin
 
Cool Logistics 2013 lin
Cool Logistics 2013 linCool Logistics 2013 lin
Cool Logistics 2013 lin
 
Eurofruit SH 2012 lin
Eurofruit SH 2012 linEurofruit SH 2012 lin
Eurofruit SH 2012 lin
 
Allfresh 2012 lin
Allfresh 2012 linAllfresh 2012 lin
Allfresh 2012 lin
 
Cool Logistics 2012 lin
Cool Logistics 2012 linCool Logistics 2012 lin
Cool Logistics 2012 lin
 
ACI 20140807 lin
ACI 20140807 linACI 20140807 lin
ACI 20140807 lin
 
Vicenda Summit 201407 lin
Vicenda Summit 201407 linVicenda Summit 201407 lin
Vicenda Summit 201407 lin
 
Sapics 2014 lin
Sapics 2014 linSapics 2014 lin
Sapics 2014 lin
 
How to Develop Resilient Supply Chains For The African Consumer Market
How to Develop Resilient Supply Chains For The African Consumer MarketHow to Develop Resilient Supply Chains For The African Consumer Market
How to Develop Resilient Supply Chains For The African Consumer Market
 
The challenge of ensuring secure clinics and hospitals for patients and staff
The challenge of ensuring secure clinics and hospitals for patients and staffThe challenge of ensuring secure clinics and hospitals for patients and staff
The challenge of ensuring secure clinics and hospitals for patients and staff
 
The Cost of Cost-cutting
The Cost of Cost-cuttingThe Cost of Cost-cutting
The Cost of Cost-cutting
 

Transport Forum 201511 lin

  • 1. Developing a contingency plan and avoiding disruptions from a security breach Danie Schoeman 5 November 2015
  • 3. The road to globalisation – and greater risk 1. World Economic Forum Study 2012, Insurance News; 2. Deloitte 2012 Risk Management Report; 3. BCI Supply Chain Resilience Survey 2014; 4. Ruud Bosman (2006) - The New Supply Chain Challenge: Risk Management in a Global Economy, Factor Mutual Insurance “81% of respondents report at least one instance of supply chain disruption in 2013.3”
  • 4. Increasing complexity and fragility Adapted from G. Linden, K.L. Kraemer, and J. Dedrick (2009), “Who Captures Value in a Global Innovation Network? The Case of Apple’s iPod”, Communications of the ACM, March 2009, Vol. 52, No. 3, pp. 140-144; World Economic Forum Global Risks 2015. $80 $75 $85 $19 $27 $7 $5 $1 $40 $80 $75 $85 $19 $27 $7 $5 $1 $40 Apple (Margin) Distribution and Retail Major Components Other Inputs Japan (Margin) USA (Margin) Taiwan (Margin) Korea (Margin)
  • 5. The Chief Supply Chain Officer agenda 43% 55% 56% 60% 70% Globalization Cost Containment Customer Intimacy Risk Management Supply Chain Visibility IBM, The Smarter Supply Chain of the Future - Insights from the Global Chief Supply Chain Officer Study 2010
  • 7. Typical supply chain risks Business continuity risks •Natural disasters •Man-made disruptions •Supplier redundancy & contingency Security risks •Cargo disruption •Cargo theft •Hijacking exposure •Unmanifested cargo •Information/cyber attacks •Sea piracy •Supply chain terrorism •Anti-western terrorism Brand protection risks •Facility traceability (forced & child labour) •Compliance to social & human rights •Compliance to environmental, health & safety •Counterfeiting •Intellectual Property violations Geopolitical risks •Political stability •Economic & financial stability •Corruption •Crime & government effectiveness •Employee screening practices
  • 8. Causes of supply chain disruption 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% Environmental incident Intellectual Property violation Product quality incident Health & Safety incident Animal disease Earthquake/tsunami Insolvency (in the supply chain) Human illness Civil unrest/conflict Industrial dispute Outsourcer service failure Adverse weather Energy scarcity Lack of credit (cost, availability) Currency exchange rate volatility New laws or regulations Loss of talent/skills Act of terrorism Fire Business ethics incident Data breach Cyber attack Transport network disruption Unplanned IT/telecoms outage High Impact Some Impact Low Impact Security risks Business continuity risks Brand protection risks Geopolitical risks BCI Supply Chain Resilience Survey 2014; G4S Analysis
  • 10. Cyber attacks Verizon 2015 Data Breach Investigations Report 0,1% 3,1% 3,3% 8,1% 9,4% 10,6% 18,0% 18,8% 28,5% Denial of service attacks Payment card skimmers Physical theft and loss Miscellaneous errors Web app attacks Insider and privilege misuse Cyber espionage Crime ware Point of sale intrusions Almost all cyber attacks can be classified by 9 patterns
  • 11. 24% 16% 16%Transportation Cyber-espionage Insider and privilege misuse Web app attacks WEB APP ATTACKS When attackers use stolen credentials or exploit vulnerabilities in web applications — such as content management systems (CMS) or e- commerce platforms. INSIDER AND PRIVILEGE MISUSE This is mainly by insider’s misuse, but outsiders (due to collusion) and partners (because they are granted privileges) show up as well. Potential culprits come from every level of the business, from the frontline to the boardroom. CYBER-ESPIONAGE When state-affiliated actors breach an organization, often via targeted phishing attacks, and after intellectual property. Typical cyber attack incidents for transport & logistics of the incidents in an industry can be described by just three of the nine patterns. Verizon 2014 & 2015 Data Breach Investigations Report ON AVERAGE 72%
  • 12. Cyber attacks are physical of insider and privilege misuse attacks used the corporate LAN. of theft / loss happened at work. of miscellaneous errors involved printed documents. Verizon 2014 & 2015 Data Breach Investigations Report 85% 49% 55%
  • 13. Look inside your company 0% 5% 10% 15% 20% 25% 30% 35% 40% Unknown Domestic intelligence service Foreign nation-states Competitors Activists / activist organisations / hacktivist Organised crime Hackers Suppliers / business partners Former service providers / consultants / contractors Current service providers / consultants / contractors Former employees Current employees Likely sources of incidents All industries in all regions Transportation & Logistics PWC Global State of Information Security Survey 2015
  • 14. Screening and vetting is business critical 0% 10% 20% 30% 40% 50% 60% 70% 80% Conduct personnel background checks Require 3rd parties to comply with our privacy policies Employee security awareness training programme Priviledged user access Secure access-control measures Accurate inventory of where personal data for employees and customers are collected, transmitted… Employee Chief Information Security Officer in charge of security Information security strategy that is aligned to the specific needs of the business Security safeguards in place All industries in all regions Transportation & Logistics PWC Global State of Information Security Survey 2015
  • 16. Cargo theft Non-residential Robbery & Burglary SAPS - Crime Situation in South Africa (Released 29 September 2015) 0 200 400 600 800 1000 1200 1400 1600 4000 4200 4400 4600 4800 5000 5200 5400 5600 Numberofincidents Numberofincidents Burglary Robbery
  • 17. Hijacking exposure SAPS - Crime Situation in South Africa (Released 29 September 2015) Truck hijacking 0 10 20 30 40 50 60 70 80 90 Numberofincidents
  • 18. Sea piracy Based on info from IMO, IMB, ReCAAP
  • 19. Sea piracy – current activity ICC: International Maritime Bureau Piracy & Armed Robbery Map 2015
  • 21. Customs “integrity” Brazil Russia India China South Africa Morocco Rwanda Nigeria Gabon Ghana Ethiopia Benin Angola Uganda Cameroon Gambia Kenya Egypt Hong Kong Indonesia Korea, Rep. Malaysia Philippines Singapore Taiwan Thailand 0 0,2 0,4 0,6 0,8 1 1,2 0 1 2 3 4 5 6 7 CustomsTransparencyIndex Irregular Payments (1 = common, 7 = never occurs) Honest Joe’sHonest Crooks AngelsDark Horses DS&C Analysis, WEF ETI (2014)
  • 22. Major factors contributing to security breaches C-TPAT Program Study June 2009 90% 68% 53% 44% 41% 35% 34% Involved “trucks” as the mode of transportation for breached cargo Security procedures not followed (lack of checks, balances, accountability) Inadequate transportation monitoring Lack of seal procedures Containers, trailers, pallets, etc. Not secured/properly inspected prior to loading Failure to screen business partners Conveyances not inspected
  • 24. Consequences of supply chain disruptions BCI Supply Chain Resilience Survey 2014 5% 7% 7% 7% 18% 18% 24% 27% 34% 35% 38% 41% 45% 48% 59% Share price fall Product recall/withdrawal Fine by regulator Payment of service credits Increase in regulatory scrutiny Loss of regular customers Product release delay Stakeholder/shareholder concern Delayed cash flows Damage to brand reputation Service outcome impaired Customer complaints received Loss of revenue Increased cost of working Loss of productivity
  • 25. Significant losses BCI Supply Chain Resilience Survey 2014 49% 17% 10% 18% 4% 1% 0% 1% 0%
  • 27. Contingency planning Conduct a Threat Assessment Identify and Review Core Business Functions Conduct a Business Impact Analysis Apply Prevention and Mitigation Measures Implement Tests and Maintain the Plan What can go wrong? What are the exposures to the supply chain? Look for your Achilles' heel.Have a well- thought-out plan. Test the plan! What does the combination Step #1 and #2 can do to your business?
  • 28. Risk mitigation strategies  Research, analysis, training, and guidance to support your company through supply chain security efforts such as TAPA, C-TPAT, AEO and Maritime ISPS for review and support, security criteria gap analysis, financial risk exposure review, and continual improvement support.  Utilising business continuity management standards such as ISO 22301:2012, ISO/IEC 27001 information security management and ISO 28000 2007 supply chain security management standard.  Supplier oversight and cargo custody controls.  Utilising comprehensive supply chain security intelligence resources, including trade and compliance intelligence, global supply chain security risk data and analysis.  Using real-time trade interruption updates and reports on major disruption incidents, countermeasure programs, and risk mitigation best practices. Country-specific reports on supply chain terrorism, cargo disruption, business and political climate, population and culture, economy and trade, transportation infrastructure, general governance, export control governance, employer security practices, and customs- trade supply chain security programs.  Thorough vetting of your supply chain and participating firms’ supplier base.  Automating the supplier risk assessments for Anti-Western terrorism and cargo disruption data.  Modelling the risk of global cargo tampering data and terrorism.
  • 30. Benefits to you  Decreased supply chain disruptions  Effectively protect and manage your supply chain with the ability to productively respond to stresses  Decreased losses and lower associated production costs  Improved business continuity via a more robust, resilient, and responsive supply chain  Increased supply chain visibility and improved lead-time predictability  Greater end-to-end transparency for improved process management and efficiency  Competitive advantages over industry rivals when supply chain risks arise  Brand Protection  Significant decrease in U.S. Customs inspections (up to 42.8%)*  Increase in new customers for transport and logistics companies (35.2%)*  Increase in sales (24.1%)*  Access to the U.S. Customs FAST (Free and Secure Trade) program*  Decreased wait time at the border (Green Lane)* *The C-TPAT Cost/Benefit Survey - University of Virginia Center for Survey Research and the Weldon Cooper Center for Public Service for the U.S. Customs and Border Protection Service August 2007