6 minute read
MITIGATING DIGITAL RISK PROCUREMENT’S ROLE IN PROMOTING CYBERSECURITY
The World Economic Forum’s Global Cybersecurity Outlook report indicates that cyberattacks increased 125 per cent globally in 2021, with the uptick expected to continue. And while cybersecurity related issues are not new, what has changed in recent years is that there has been a massive move to utilizing the Cloud, IoT, e-commerce, remote accesses, and overall digital transformations, that ultimately led procurement teams to rethink their skills and their approach to their vendors.
Every day we are witnessing more and more cyberattacks, data-breaches and privacy concerns. The rising access of AI-powered technology that enables the development of malware, scripting, and other tools, provides hackers with the ability to manufacture near perfect ways to execute on their plans, and with very little effort. The ultimate goal of these hackers is highly lucrative ransom. With our reliance on technology, the ransomware industry has grown into a multi-billion-dollar global criminal industry. There are no indications that industry is slowing down.
Total Value Of Ownership
So, what role does procurement play in mitigating this risk? The answer is in a robust due diligence process, and third-party risk management (TPRM). This is potentially the biggest change that will transform this profession, as we completely shift the procurement conversation from cost savings and cost avoidance to the total value of ownership with a heavy weight placed on business continuity, information security, financial stability, and vendor concentration. The elevated due diligence and TPRM process begins at the vendor evaluation phase and onboarding stage and is managed through a structured, well-defined vendor governance process and continuous risk monitoring.
Arguably, among all of the TPRM components, information security requires the most attention, as it is the biggest threat to any organization. Your organization’s information security is only as good as your weakest vendor.
Fortunately, there are many InfoSec tools available to monitor vendor risk profiles continuously, based on data breaches and/or cyberattacks. However, by the time an organization is made aware of them, it might already be too late. The best defense remains a comprehensive vendor due diligence process, including reviews of the independent InfoSec audits and vendor SOC reports, at different stages of the engagement, starting with the evaluation and onboarding phase, and then annually throughout the lifecycle of the relationship.
Procurement should be partnering with IT, in performing due dili- gence, and the ongoing monitoring of all critical vendors with the low or fluctuating risk profiles, to gain a better understanding of the trends, and what to look for when evaluating vendors. Some vendors risk profile may be impacted by things such as IaaS shared responsibility models they have with other customers, or even the nature of their business (e.g. ISP). And while the InfoSec tools will show this as risk, a detailed internal review can segment it out, focusing the conversation on the actual threats that should be managed.
As the first line of defence, procurement has a huge role in protecting the organization. By further broadening their scope, the procurement function is moving from an enablement to a strategic function, further forging the way for collaboration between the organizations and their most important vendors. By understanding and sharing vendor risk profiles with vendors, procurement teams can ensure that both organizations are working together to address any gaps and investing in stronger security. This further creates an opportunity to exchange best practices, new ideas and lessons learned between both parties. It is time well spent, and ensures strong strategic partnerships between the two companies.
Nevertheless, even if all the due diligence checks out, all organiza- tions, in partnership with their procurement teams, should have a well-established and documented exit strategy for each of their critical vendors. This practice will force the organization to think about their relationship with their vendors, avoid concentrating massive scope on one vendor, and remove sole-sourcing practices all together.
A Matter Of Time
The question is not if an attack happens, but rather when. Depending on the nature of the attack and the information that is compromised, organizations might not only have their customer base impacted, resulting in financial loss and a tarnished reputation, but can also be subject to regulatory fines and penalties.
As cyberattacks become more sophisticated, our defence also needs to become more sophisticated, forcing procurement to act as the first line of defence, to evolve from the traditional roles that it once played. This will require investing in people with elevated skills, processes, and technologies, all focused on a first-line-of-defence mandate, and less on pricing. Failing to plan is planning to fail, and with an ever-increasing reliance on IT, procurement teams must be prepared. SP
Eric Attias named Holman’s Canadian VP of sales
Automotive services company Holman has named Eric Attias vice-president of sales for the organization’s Canadian fleet and mobility division.
Purolator orders 55 electric trucks from Motiv Power Systems
Purolator has announced it is ordering 55 electric delivery vehicles from Motiv Power Systems, a producer of EV trucks and buses. The order comes following the rollout of five Motiv-powered electric trucks in 2021. The additional vehicles will be deployed this year in London, Ontario, Vancouver, British Columbia, and Quebec City, Quebec.
“Expanding our partnership with Motiv Power Systems represents Purolator’s growing EV deployment and leadership across Canada,’’ said Chris Henry, director of national fleet at Purolator. “After a successful experience with our first order, we’re excited to partner together on this next phase that will help us execute on our commitment to reaching netzero emissions by 2050.’’
Since converting five of its stepvans to Motiv Power Systems electric vehicles in 2021, Purolator has reduced 47 tonnes of C02 over the 45,000 miles travelled, with an uptime of 97 per cent. Purolator won the Advanced Clean Transportation (ACT) Expo Fleet Award in the leading carrier category in 2021.
Goodyear introduces EV tire for regional fleets
The Goodyear Tire & Rubber Company has introduced RangeMax RSD, its first electric vehicle-ready tire compatible with EV and gas- or diesel-powered regional work vehicles.
The RangeMax RSD is Goodyear’s best regional drive tire for energy efficiency, the company said. Equipped for higher load capacities of EVs, RangeMax RSD was engineered to deliver lower rolling resistance than comparable tires for improved efficiency to fleets regardless of drivetrain.
Engineered with Treadlock Technology to promote even wear and longer miles to removal, RangeMax RSD is the first regional drive tire embossed with Goodyear’s “Electric
Drive Ready” designation. Available now in size 295/75R22.5, the RangeMax RSD include:
Three-Peak Mountain Snowflake and Mud and Snow designations, key performance assurances in winter driving conditions.
Premium casing construction. Enhanced tread pattern designed for high-torque applications and an optimized footprint shape for even treadwear.
RangeMax RSD is the latest addition to Goodyear’s EV tire portfolio. Last year, Goodyear introduced its first commercial truck tire with “Electric Drive Ready” designation, Endurance RSA ULT.
Attias is tasked with sustaining Holman’s growth in the Canadian market and throughout North America. He will also provide strategic oversight for a team of Canadian sales managers responsible for aligning the company’s fleet management solutions with customer needs.
“Eric’s extensive leadership experience and operational fleet expertise combined with his profound understanding of the Canadian market will be invaluable to our clients and our entire organization,” said Craig Pierce, senior VP, fleet & mobility sales, Holman.
Attias joins Holman from Toromont Cat, where he most recently served as head of underground mining operations. Before that, he held several senior leadership roles in sales, business development, strategic planning, and product development with Petro-Canada.
Attias holds an MBA from York University’s Schulich School of Business and is fluent in English, French, and Spanish. He will be based in Holman’s Canadian headquarters in Mississauga.
Blackhawk Tire wins vendor of the year
Blackhawk Tire has won Vendor of the Year Award from OK Tire, a Canadian independent tire and auto service retailer. Blackhawk Tire received the award during the annual OK Tire AGM in Cancun, Mexico.
“The entire Blackhawk Tire team would like to thank OK Tire Canada for presenting us with the coveted Vendor Of The Year award,” said James McIntyre, Blackhawk’s VP of sales.“It was a tremendous honour to be recognized in such a significant way, and we are deeply appreciative of the continued support and recognition.”
The Blackhawk Tire brand shares many of OK Tire’s company values, making the partnership a natural fit, the company said, enhancing the mid-range tire offering at OK Tire and furthering the commitment to providing customers with great tire options at every price point.
Blackhawk’s line-up provides affordable options for almost any vehicle, from high-performance tires to everyday drivers. Blackhawk offers a commercial product assortment of commercial truck tires to get any fleet across the country safely and efficiently.
By Michael Power
