Robert Handfield, Julie Earp, Amir Hossein Sadeghi
Reducing cybersecurity vulnerabilities in the supply base: Insights from cyber experts
Technology in Society, Volume 82, Article 102947. Published 2025-05-20.
DOI: 10.1016/j.techsoc.2025.102947
URL: https://www.sciencedirect.com/science/article/pii/S0160791X2500137X
Citations: 0
Abstract
Cybersecurity has emerged as one of the greatest risks in global supply chains and is of interest to both practitioners and academic researchers. However, current approaches largely assume that data breaches involve external parties directly attacking the organization. Prior research overlooks a critical element, namely that suppliers are often electronically integrated with companies and represent a critical vulnerability that is often exploited by cybercriminals. This study provides a process-driven approach for addressing this gap for logistics managers to apply. We discover that supplier and distributor cybersecurity protection is a core part of a logistics and procurement manager’s responsibility and is no longer just an IT concern. Our analysis focuses on practical insights developed through targeted subject-matter expert (SME) interviews. We cover the methodologies employed to conduct our qualitative investigation, as well as the results of the study. In this study, we began by noting that most studies in cybersecurity assume that vulnerabilities are largely internal to the organization. We develop a qualitatively derived set of best practices based on subject matter interviews that outlines the key steps for addressing supply base cyber-vulnerabilities. We discuss the results of the interviews and the implications of this research for managers, and how they may ensure that vulnerabilities in the supply base are addressed. This framework requires additional validation but provides a strong basis for supply chain managers to consider.
About the journal:
Technology in Society is a global journal dedicated to fostering discourse at the crossroads of technological change and the social, economic, business, and philosophical transformation of our world. The journal aims to provide scholarly contributions that empower decision-makers to thoughtfully and intentionally navigate the decisions shaping this dynamic landscape. A common thread across these fields is the role of technology in society, influencing economic, political, and cultural dynamics. Scholarly work in Technology in Society delves into the social forces shaping technological decisions and the societal choices regarding technology use. This encompasses scholarly and theoretical approaches (history and philosophy of science and technology, technology forecasting, economic growth, and policy, ethics), applied approaches (business innovation, technology management, legal and engineering), and developmental perspectives (technology transfer, technology assessment, and economic development). Detailed information about the journal's aims and scope on specific topics can be found in Technology in Society Briefings, accessible via our Special Issues and Article Collections.