It’s every company’s worst nightmare. In 2019, a global metals manufacturer experienced a ransom-ware attack in which hackers seized and encrypted its computer files, then demanded payment to unlock them. All 35,00 employees in 40 countries were affected. (The CFO could not even turn on his desktop computer.) Some production lines shut down; others shifted from computer to manual operations. Although the company ultimately resolved the crisis without paying ransom, the disruption ultimately cost it about $71 million, along with significant reputational harm.
Unfortunately, companies are at an increased risk of these kinds of breaches. The diffusion of technology has resulted in attackers gaining state-of-the-art skills, thus increasing the sophistication of their attacks. Suppliers are a key point of access. As supply chains become more fragmented and digitized, they create new points of vulnerability. Each interface among a supplier, company, and customer represents a point where a hacker can steal data, introduce malware, or create some other havoc. With more devices getting deployed across supply chains, data is increasingly gathered by devices that have very basic memory and computation power — for example, point-of-sale terminals — and are difficult to secure. Some of the most high-profile attacks recently have exploited these vulnerabilities.
The challenge of supplier visibility is growing. One recent survey of more than 1,500 CIOs, CISOs, and chief procurement offices from five major economies found that 77% reported limited visibility into third-party vendors. More ominous, 80% had experienced an info-security breach through a third-party vendor in the past 12 months. Another analysis found that 300 supply chains experienced a data breach in 2019, with ransomware attacks being the most common.
The direct damage caused by cyberattacks is just part of the problem; the scrutiny from regulators, and potential penalties of inadequate measures for resisting attack, is of real concern too. Yet there is a means by which companies can create more secure supply chains and prevent the growing incidence of cybercrime: blockchain.
The benefits of blockchain
In a traditional database, a “master” set of information is stored at a central location and distributed to other participants (e.g. how most banks store transaction histories, or how companies track inventory). By contrast, blockchain is essentially a distributed database in which all information is updated, encrypted, and maintained at each “node” (or participant) on the chain. The traditional approach may be easy for organizations to store and maintain records, but its single point of access introduces serious security concerns. If a hacker gets access, the entire database can be compromised.
Several aspects make blockchain hacker-proof. First, the data is time-stamped and immutable. Participants can’t change any information in the chain – they can only add to that information. In addition, because data is updated in real-time, any attempt to tamper with it in one node will automatically be flagged at all nodes. Second, the data is encrypted. Third, participants can be verified through digital credentials to control different levels of access, with a public key infrastructure noting which specific user(s) or IoT devices accessed or transacted with the data.
Evolving applications and features
The range of applications is quickly growing, with security at the heart of many use cases. Blockchain helps track diamonds from the mine to the finished gem. It helps automotive manufacturers track genuine parts through their supply chain. It enables companies to validate how and when specific services are completed. Enterprises can even use blockchain to register the qualifications and license of suppliers to ensure processes met compliance requirements.
Yet blockchain is not a single, homogenous system that allows organizations to flip a switch and capture benefits. It’s evolving rapidly, with new features added regularly to stay ahead of emerging threats.
For example, Wipro is working with Intel on a platform called Hyperledger Avalon that will allow companies to stream data into it securely from outside a particular blockchain. Similarly, smart computing enables some transactions to be processed automatically through the chain. For example, when a shipment is received at a loading dock, a payment can be automatically generated and entered into the chain so Accounts Payable does not need to handle it manually.
How to get started
Blockchain doesn’t require any upgrades to the existing IT infrastructure. However, it does require some other considerations. To that end, companies looking to apply blockchain to their supply chain should begin with these three steps.
Start small. Creating a blockchain for the entire supply chain is daunting, and it requires an ecosystem approach; it can’t be done by a single organization. For that reason, companies should start with a project that is limited in scope. Pick a specific product line or — even better — a trusted partner, and launch a pilot for that specific relationship. As the supplier and the company build their capabilities over time, they can look to expand to other participants in the supply chain.
Expand to other participants. Once a trusted partner has been found and the first proof-of-concept completed, organizations can analyze the benefits and ROI they generated. This will help build momentum for the team and secure a green light from management to start expanding the ecosystem to other participants. As part of this expansion, the founding members will need to capture and incorporate the requirements, expectations, and suggestions of the newer members.
Establish the right governance and incentives. As multiple organizations join the network, it becomes even more critical to ensure that every organization has a say in the network’s operations and evolution. Participants will need to build a robust governance framework for the ecosystem to function and grow efficiently. Incentives are another crucial component. Once a critical mass is achieved, it is important to ensure that participants realize the benefits of their investments and remain in the network. The right incentive structure will ensure that the ecosystem can sustain itself and continue to attract new members.
As supply chains have become more digitized, globalized, and fragmented, they’ve introduced new vulnerabilities for many companies. The growing reliance on data means hackers can do a tremendous amount of damage if they gain access. Blockchain offers a way to fight back by hacker-proofing a supply chain. With the technology still in its early stages, forward-looking organizations can give themselves an advantage by implementing blockchain. In fact, as the risks of a hack grow, the consequences for companies that don’t take steps to protect their supply chain rise in tandem. Blockchain is an increasingly available tool. Companies need to take the impetus to start using it.