Cybersecurity Challenges and Risk Mitigation Strategies in Digitized Procurement and Supply Chain Systems

Authors

  • Venkata Sathya Kumar Koppisetti, Senior SAP Solution Architect (Author)

DOI:

https://doi.org/10.63282/3117-5481/AIJCST-V8I1P105

Keywords:

Cybersecurity, Supply Chain Security, Procurement Systems, Risk Mitigation, Digital Transformation, Blockchain, Zero Trust, IoT Security, Data Protection, Threat Modeling

Abstract

Electronic procurement and supply chain systems have revolutionized organizational efficiency, transparency and international connectivity. Nonetheless, this change has brought with it a plethora of cybersecurity issues that endanger data integrity, operational continuity, and stakeholder trust. The paper provides an in-depth discussion of cybersecurity threats in digital procurement ecosystems and the development of effective mitigation frameworks based on current security standards. The abstract is deliberately lengthy to indicate elaborate IEEE-type expressions. Technologies used in digitized procurement systems include cloud computing, the Internet of Things (IoT), blockchain, artificial intelligence, and enterprise resource planning (ERP) systems. These interlocking systems present a very sophisticated attack surface that adversaries exploit through ransomware, phishing, data breaches, insider threats, and supply chain attacks. The repercussions of such attacks include financial losses, reputational damage, disruption of operations, and financial fines. One of the current issues in procurement systems is exposure to third-party risk. External platforms, vendors, and logistics providers pose risks because they follow inconsistent security practices. Attackers often use relatively weak links in the supply chain to gain unauthorized access to core systems. Moreover, the lack of standardized security measures across global suppliers intensifies the risk. This article addresses some of the main cybersecurity issues, such as data confidentiality, integrity breaches, availability attacks, identity and access management vulnerabilities, and new kinds of cyberattack such as AI-based ones. It also assesses the effects of digital transformation on procurement processes and emphasizes how automation makes them both more efficient and more vulnerable.
To these ends, the paper outlines a multi-layered risk mitigation framework that includes zero-trust architecture, encryption, intrusion detection systems, blockchain-based traceability, and continuous monitoring. Risk assessment models and quantitative measures are proposed to measure the probability of threats and the severity of their impact. The paper also focuses on governance, compliance, and human factors. The key elements of a secure procurement ecosystem are employee awareness, vendor risk management, and regulatory alignment (e.g., ISO 27001 and NIST frameworks). The paper includes case-based analysis and statistical representations to demonstrate trends in risk and the effectiveness of mitigation strategies. The results show that proactive cybersecurity measures can contribute greatly to reducing vulnerabilities and improving system resilience. The paper ends by providing suggestions for future research, such as AI-based threat detection and autonomous security systems.

Published

2026-01-14

Section

Articles

How to Cite

[1]
V. S. Kumar Koppisetti, “Cybersecurity Challenges and Risk Mitigation Strategies in Digitized Procurement and Supply Chain Systems”, AIJCST, vol. 8, no. 1, pp. 44–53, Jan. 2026, doi: 10.63282/3117-5481/AIJCST-V8I1P105.