The need to secure new and increasingly complex supplier ecosystems in the digital age is rapidly rising up the agenda of CEOs around the globe. Since the beginning of the global pandemic, supply chain risk has risen to become one of the top four growth risks facing today’s organizations, as noted in the KPMG 2021 CEO Outlook Pulse Survey.
Make no mistake — traditional approaches to third party assurance are no longer fit for purpose in today’s new reality. While third party risk management, monitoring and innovation will not be new to your organization; a sharp focus on emerging threats amid accelerating digital transformation, cloud adoption, software-defined infrastructure and new models of working has become critical.
The pandemic has brought into stark relief the need for complex digitally enabled ecosystems that will reliably and securely meet ever-evolving customer and business demands. Our thinking must evolve to match today’s incredibly fast-paced, connected and rapidly changing world.
Organizations once concerned with merely managing third parties are now working in a vast new risk-charged world — managing fourth, fifth and even sixth parties. These parties include a mix of cloud and IT providers, partners and affiliates that define today’s modern extended enterprise.
The new reality pushes the boundaries and pace of digital transformation. Unlocking new ways to enhance supply chain capabilities and security in the digital era will likely spell the difference between success and failure.
Closing the door to open innovation threats
Understanding and effectively managing the third-party ecosystems supporting today’s businesses has become more challenging than ever amid the rapid proliferation of new, digitally enabled, open innovation models.
KPMG professionals are seeing back doors being written into critical commercial and open-source software that, once embedded, unlock dangerous opportunities for bad actors to deploy malware into otherwise secure infrastructures. Those back doors can lie dormant, appearing benign, until activated by an attacker. Polymorphic malware that changes its identity features to evade detection, typically introduced by a subverted security or management tool, can quickly undermine even the most hardened security environment.
To compound that challenge, gaining clear visibility into today’s increasingly broad and complex supply chains via legacy third party risk management is becoming extremely difficult.