Exiger Report June 2024 | Page 13

But organisations in other sectors, such as health and retail, have been slower to adopt basic defensive measures, such as properly vetting vendors from whom they’re procuring parts, or having oversight of “the chain of custody of a part, or its provenance.”
“When you don’t have this visibility, the risks are higher,” Theresa says, and warns that it is the same story with software: “Knowing the provenance of code is vital, especially if there is open-source software in a product.”
Inadequate software security measures are enormously costly. In 2019, it was estimated the US has lost more than a trillion dollars to intellectual property theft through the digital supply chain.
“Software assurance, cybersecurity and digital supply chain mapping are three things that have to go together,” says Theresa. “That’s a big part of supply chain risk management today that really didn’t exist even five years ago.”
She says that although the COVID pandemic “woke people up to the importance of supply chain security,” many organisations remain vulnerable because of the mindset problem.
“It really does all come down to whether you have a compliance-based mindset or a threat-based mindset,” says Theresa. “If compliance with regulatory requirements is all you care about, you are never going to be set up to counter the true drivers of threat.”
Which is precisely why Theresa stresses to her customers the importance of a holistic approach to supply chain security.
She says business leaders “need to be properly educated about supply chain,” adding that this often means “redefining your legacy definition of what supply chain actually is.” This reworked definition, she adds, “needs to include both the tangible, and intangible, supply chain”.
Education around risk ‘vital’
Yet Theresa has sympathy with businesses who struggle to comprehend the risks inherent in such a rapidly changing world, and says an important part of her role is as an educator.
“Supply chain threats are changing all the time,” she says. “We live in an era where there’s so much data that it’s very difficult for organisations to understand how to make sense of it.”
She adds: “Supply chains are globalised and complex, and getting transparency into that is very difficult, and this is why educating folks is so important. They need to know what an effective approach looks like. They need to be walked through the process of standing up a programme. Many people think the supply chain is so massive there’s no possible way to be able to map everything out, and that’s not true.”
Exiger specialises in “illuminating the supply chain,” Theresa explains, adding