When supply chain disruptions strike, risk mitigation strikes back. And, it does so in many forms. Whether it’s enhanced software, improved employee training or solutions equipped with visibility features, managing risk is a 24/7/365 job. It requires all hands on deck, the latest and greatest technologies and the ability to pivot accordingly.
That’s because supply chain disruptions also come in many forms -- ransomware attacks and port closures, natural disasters and global pandemics, food fraud and cargo fraud. These disruptions then mutate into other forms of risk-related instances, such as labor shortages, product shortages, rising costs and more. And, before we know it, all parts of the supply chain are exposed.
These disruptions have forced companies to enact Plan B and sometimes Plan C, and for those companies not equipped with the right tools and technologies to adapt, moving product through the cold food chain can be, well, quite risky.
If history repeats itself, disruptions of major magnitude will continue to rock U.S. supply chains. But, it’s how companies plan, manage and react to these disruptions that allows them to efficiently and successfully mitigate risk.
Keeping danger at bay
When it comes to risk reduction, two things are clear – 1. There will always be supply chain disruptions, therefore 2. There will always be risks to the supply chain.
“Whether it’s a health risk, weather risk or some other kind of threat, we’re strong believers in the adage ‘an ounce of prevention being worth a pound of cure,’” says Kathy Fulton, executive director of American Logistics Aid Network (ALAN). [CLICK HERE to read the full interview with Kathy Fulton].
Factors such as COVID-19, piracy and cyberattacks, climate change, delays and more continue to be the most challenging supply chain disruptions, according to a report from Allianz Global Corporate & Specialty (AGCS).
What’s more is, only 4% of chief supply chain officers (CSCOs) say they are “future-ready,” while 34% expect to be there by 2023, according to an Accenture report.
“Even before the pandemic, chief supply chain officers were faced with increasing expectations – from supporting new customer experiences to driving profitability,” Manish Sharma, group CEO of Accenture Operations, said in a press release. “Faced with their greatest stress test yet, chief supply chain officers were challenged to meet the moment and build a relevant, resilient and responsible supply chain that delivers for all stakeholders. Today’s supply chain leaders are depended on to create a digitally powered, data-driven operating model to achieve a future-ready supply chain and enable long-term growth.”
That’s because today’s CSCOs are challenged with supply chain disruptions of varying degrees that hit without warning.
“No one has escaped the impact that COVID-19 has wrought on the cold food supply chain. Every person involved has experienced—and continues to experience—those impacts personally, in their families and communities, professionally and in their companies, and as consumers who shop to feed their families, and very commonly all three at once,” says Alex Apostolou, principal solutions strategist, risk management strategy for VelocityEHS. “Risk management is not about managing risks; it’s about managing the controls that manage the risks.” [CLICK HERE to read the full interview with Alex Apostolou].
Likewise, one of the greatest concerns of supply chain professionals is managing risks, Mark S. Baxa, president and CEO of the Council of Supply Chain Management Professionals (CSCMP), detailed in this free white paper, presented by Food Logistics.
“Beyond the impact of COVID-19 on the supply chain that most supply chain professionals are beginning to understand more fully, at the heart of the most significant impact to supply chain performance is risk, described in three words--complexity, competency and capability,” Baxa says.
Case in point: Ransomware attacks have reached “stratospheric” levels, now accounting for 69% of all attacks involving malware, according to a new Positive Technologies report.
The number of ransomware attacks between January-March and April-June increased by 288%, with organizations continuing to face waves of digital extortion in the form of targeted ransomware, according to an NCC Group survey.
Firms with an annual revenue of $10-15 billion have been significantly impacted by illicit activity, a Kroll study reveals.
And, while cold chains have unique characteristics that separate them from other supply chains, “many of the challenges faced are similar, and COVID is just one of those challenges,” says Christian Piller, VP, research and sustainability, project44. “Many of today’s global supply chains, while complex, are still based on manual processes and systems that lack real-time supply chain awareness with stagnant, low-fidelity data. Supply chain companies are attempting to solve today’s challenges using yesterday’s technologies, and when an event like COVID comes along, these weaknesses turn into breaking points.”
Reducing risk starts even further upstream than the farm, says Adrian Parkhideh, VP, go-to-market strategy, project44.
“project44 and global food suppliers should be managing from seed to fork. Leading companies have instilled this practice not only to ensure the most uniform products, but to [also] ensure continuous control and safety in their supply chains for their customers,” Parkhideh adds.
From the farmer to the producer to shipping to the final destination (restaurant or grocery store), there are many ways supply chain systems can encounter threats.
“One flaw we saw glaringly during the pandemic was the blind trust in third-party tools and third-party interactions between companies and how their data is shared,” says Jim Bowers, security architect at TBI. “Along with this, many organizations in the cold food chain arena deploy several IoT devices, so that they can be faster and more efficient. While this is typically true, the problem with IoT devices is a lot of times companies are not keeping up with their maintenance, such as updating the device’s firmware. When this oversight happens, IoT devices become a big target for threat actors.
“Being cognizant of exactly what changes you’ve made to your supply chain and what IoT devices are in your infrastructure is crucial to successful supply chain management,” Bower says. “For example, when an IoT device is placed on a refrigerated truck, it’s communicating back somewhere with data, making it an entryway into that organization.” [CLICK HERE to read the full interview with Jim Bowers].
What’s more is, there has been a lot of disruption in sourcing.
“It is important for manufacturers to maintain the same rigor in quality as always in the event of a changing supply chain. Dependencies on just a few suppliers can leave manufacturers vulnerable to disruptions,” says Brian Gerritsen, manufacturing practice lead, Travelers. “We recommend establishing a trusted network of back-up suppliers with the same strict oversight and vetting process as for primary providers. To understand the likelihood of disruption, be sure to thoroughly review a potential supplier’s track record, financial resources, certifications and business continuity plans, as well as where they source their materials and how they ensure product quality.”
How visibility helps companies “see” what’s ahead
When the Coronavirus disease (COVID-19) overturned supply chains worldwide, it forced many companies to re-evaluate their risk management plans. What happens when employees get sick or are quarantined for days? What happens when manufacturing plants and warehouses experience lockdown? What happens when such threats tamper with the way businesses operate?
And, now the Delta Variant is looming its dark head.
That’s why many of today’s companies are implementing supply chain visibility tools and technologies to better “see” and prepare for what’s ahead.
“project44 has seen companies across the supply chain, including in the cold chain space, invest in digitalization initiatives that removes these manual processes and systems to achieve real-time supply chain awareness with high-fidelity data. This high-fidelity data is critical in mitigating risks and improving planning efficiency because while we can’t always control for volatility, we provide companies with tools to respond, adapt and be proactive,” says Piller.
Today, companies can implement technologies designed to bolster risk reduction along the cold food chain. Whether it’s equipping farms with technology to communicate upstream or using tracking devices that can identify incidents like wrong location, temperature out of control, tampering and more, visibility and risk reduction go hand in hand.
“Transparency goes back to shared supplier visibility and not just identifying where the truck is at any given time, but also includes details at SKU, item and product level,” says Parkhideh. “The biggest issue most companies face is inbound supply visibility and being able to share pertinent data to each member in the supply chain with ease. It is important to keep in mind that the term ‘visibility’ can be used in a very general sense and is commonly thought of as dots on a map or tracking trucks. When looking at technology to pull these various nodes together, it is important to clarify what the problem state is and identify the gaps that you are trying to address. Implementing technology for the sake of needing technology is never a good practice.”
As a result, project44 partnered with Fuel Transport to combine project44’s Advanced Visibility Platform with Fuel Transport’s North American logistics and freight management network to optimize real-time shipment data.
The past few decades have also ushered in an era of advanced technologies — such as the Internet of Things (IoT), cloud computing, artificial intelligence (AI), robotics, automation, direct-to-consumer strategies, supply chain visibility and more — that enable new supply chain strategies. And, in some ways, mitigating risk along the cold food chain isn’t just about ransomware attacks; it’s about protecting the food itself and the people who move it.
For its part, ReposiTrak set up the Food Traceability Leadership Consortium (FTLC) to help food retail industry leaders collaborate on the development of easy-to-use food tracing technology.
Meanwhile, the ReposiTrak platform helps companies in the food supply chain meet current food safety regulatory requirements.
“If an ‘every man for himself’ approach to food traceability prevails, the industry could end up with a hodgepodge of non-interoperable systems. This will create a ‘balkanized’ supply chain where systems can’t share critical traceability data between trading partners, resulting in massive operational complexity. Food retailers can’t afford to let that happen, which is why we are engaging the industry now on a solution that involves no new labeling, no operational process change and is affordable down to the smallest supplier,” says Randy Fields, chairman and CEO, ReposiTrak. “This needs to be at the forefront of every food company’s thinking in 2022 because the new FDA requirements are coming into force quickly and they need time to deploy the appropriate resources or risk supply disruptions or worse.” [CLICK HERE to read the full interview with Randy Fields].
All of VelocityEHS’ energy goes into making risk management tools that helps customers quickly and efficiently perform risk assessments.
“The risk management process can assess environmental risk, consumer risk, quality risk, cyber or supplier risk,” says Apostolou. “In other words, risk is a process, not a product, and our focus is on building a risk management toolset that lets our customers identify, assess and manage any type of risk. By keeping the toolset constant, the workforce learns and trusts the process to deliver the right outcomes. And, just as almost all risks have multiple consequential impacts (e.g. a worker injury will have a safety and financial impact, a customer with food poisoning might have a reputational, financial and legal impact), by fleshing out all the impacted stakeholders, you’ll be more likely to get more smart minds solving problems properly with the correct level of resourcing.”
“We recommend Bowtie Risk Analysis in these multi-disciplinary situations, as it helps visually map risks and illustrate the pathways between causes and potential impacts,” he adds. “In addition to mapping risks, or any type, bowties allow you to assign controls to individual causal or consequential pathways, apply performance standards and visually track the performance of those controls. People remember pictures and understand flows or cause and effect, so as you explore more complex scenarios in a collaborative setting, having a tool that visualizes all elements instead of an Excel spreadsheet builds the common understanding that helps users better organize and prioritize risks and facilitate a more comprehensive understanding of the risks facing your business and how to control and manage them.”
Risk reduction in 2022
Even if companies have all the right tools, solutions and technologies in place, it does not guarantee clearance from risk.
“Therefore, it’s important to have key pieces in place, like a defense in depth (DiD) approach, to mitigate risk to the best of your ability. If you think of a big house, you have a gate, an alarm system, a key, external cameras and motion sensors all coming together to provide greater protection within your house from outside intruders. The same thing goes for an organization, you need multiple layers,” says Bowers. It’s nearly impossible to protect everything but leveraging the right tools can get you pretty close.”
“Zero-trust network access (ZTNA), multi-factor authentication (MFA), endpoint protection and an endpoint detection and response (EDR) platform need to all be working together to give you the visibility you need across your infrastructure,” he adds. “Humans are an organization’s weakest link in terms of security, so having a layered approach where you can easily identify what is going on within your infrastructure, is key to making sure employees are only accessing the data they need to do their job. Make sure to promote user awareness with phishing simulations and trainings, use secure remote access for anyone accessing the data and encrypt data everywhere possible.”
Shippers in particular need to have an integrated network connecting their vendors, partners and nodes in the supply chain, says Parkhideh.
“This allows for greater visibility between partners, so everyone is working in harmony and understands up and downstream impacts, whether it’s the farm, transportation leg or warehousing and distribution. This transparency of data, events and exceptions for each stakeholder at each milestone is important to ensure the safety of the product and timeliness to market,” he adds. “Transparency goes back to shared supplier visibility and not just identifying where the truck is at any given time, but also includes details at SKU, item and product level. Being able to track each of these data points means identifying the correct technologies needed such as visibility providers, asset devices and then consolidating this information into a single managed view.”
“It is important to keep in mind that the term ‘visibility’ can be used in a very general sense and is commonly thought of as dots on a map or tracking trucks,” says Parkhideh. “When looking at technology to pull these various nodes together, it is important to clarify what the problem state is and identify the gaps that you are trying to address. Implementing technology for the sake of needing technology is never a good practice. Identify the needs and seek out vendors that can alleviate those pain points. The biggest issue most companies face is inbound supply visibility and being able to share pertinent data to each member in the supply chain with ease.”
Companies also have to keep investing in early risk identification methodologies and practices, says Fulton.
“Just like today’s weather tracking tools can tell us a lot more about the potential path of a hurricane and our Supply Chain Intelligence Center can point out areas of concern, anything that gives them an advance heads up is going to be of huge help in preventing what could be a ‘minor’ disaster from turning into a major catastrophe,” she adds. “Stop talking and start doing. It isn’t enough to just talk about mapping out your supply chains and strengthening ties. Companies have to do the work of building true relationships across aspects of their businesses and supply chains. Those relationships could wind up being one of the most powerful and durable resources they have, especially if (or when) the power is out or systems are down.”
“Companies also need to expand their definition of what ‘potential threat’ means,” Fulton adds. “The last two years have shown that threats to supply chains can come from many sources besides the weather. From civil unrest and health issues to labor shortages, cybersecurity and more, it’s easy to believe we’ve pretty well seen it all over the past 24 months. But, that’s not a safe assumption to make. Companies should always be on the lookout for not only the common disasters (like hurricanes, tornadoes and cyberattacks) that could harm their supply chains, but also the unusual ones they might never have seen coming.”
When supply chain disruptions strike, risk mitigation strikes back. And, it's the visibility features that enable companies to have that added layer of risk protection needed to overturn supply chain disruptions.