As globalization continues at speed, the issue of supply chain risk management is a significant challenge for many organizations. In an increasingly interlinked world, global supply chains play an important role in supporting and enhancing trade and interactions for both the public and private sectors. The flipside of this is that the savings and efficiencies created by sourcing personnel and materials from many different parts of the world are often paired with serious risks that, if left unaddressed, can lead to cybersecurity breaches, expensive recalls, reputational damage, and much more.
Supply chain risk management is becoming even more imperative since the Covid-19 pandemic disrupted supply chains and brought to light additional geopolitical risks to supply chains. Balancing the need for supply chain risk assessment, however, is the need to keep the organization running smoothly, particularly when slowdowns in one part of the world can impact every segment downstream. Essentially, organizations must be able to conduct due diligence and risk assessment on all parts of their supply chain effectively, efficiently, and regularly in order to ensure the safety and security of their personnel, facilities, intellectual property, and more – while avoiding creating the exact supply chain delays that the supply chain risk management process is meant to prevent.
Addressing Supply Chain Risk Management Challenges
In order to protect and vet a globally dispersed network of employees, contractors, and suppliers, security teams must account for a huge number of variables. One of the overlooked tools in the supply chain risk management toolbox is Open-Source Intelligence (OSINT).
While OSINT capabilities likely won’t provide warning that certain chips are infected with ransomware, or that a supplier is using faulty wiring or cheap, unreliable materials, insights uncovered by OSINT technology can flag potential risks across supply chains. These potential risks can serve as valuable inputs for a supply chain risk management strategy and for follow-up by a security team, either online or through other means. For example, if the executive team of a potential partner or a point of contact at a local subcontractor has ties to competitors, criminal networks, or violent extremists, there is a good chance that information will be identifiable somewhere on social media – even when the subject of an investigation has taken steps to hide their potentially disqualifying associations.
The OSINT Challenge
The biggest challenge with effectively incorporating OSINT data into existing analytical supply chain risk management processes is one of scale. Sifting through hundreds or thousands of relationships and pieces of content on social media, forums, boards, and other open sources is a potentially overwhelming burden for security teams that are already stretched to their limit. Even for experienced OSINT analysts who are armed with good search words and phrases – such as company, product, and facility names – investigations can still be prohibitively time-consuming, especially when dealing with content in the many different languages that are inevitably part of a global supply chain.
OSINT for Supply Chain Risk Management
In order to effectively and efficiently address the OSINT challenge and ensure that the security clues that exist on open-source platforms are not overlooked, analyst teams need tools that can help them quickly identify the high-risk posts and actors from an otherwise overwhelming ocean of content. This is where the broad data collection and AI-driven analytics capabilities of Fivecast ONYX come in. Users can seamlessly incorporate open-source data from the Surface, Deep, and Dark Web into their investigative process without disrupting operations. Importantly, because it focuses on uncovering insights from open-source data on online platforms that are not physically part of your supply chain, the OSINT investigative process runs minimal to no risk of accidentally disrupting your organization’s operations.
The image analysis capabilities of Fivecast ONYX – including Optical Character Recognition (OCR), concept detection, and logo detection – make it exponentially easier for analysts to identify relevant photos and videos posted online, even when posted without the kinds of accompanying captions that analysts have long relied on to uncover incriminating or risky content. Thus, instead of spending time and energy watching videos and combing through images for superimposed text, important logos or license plate numbers, or reading every sign or poster in a photo, analysts can instead focus on the content and concepts Fivecast ONYX has already extracted and analyzed for them.
Text analytics, including what is applied to text extracted from photos and videos using OCR technology, can simplify the analytical process even further. By tracking sentiment and emotion across social media related to user-defined search terms, phrases, and hashtags, Fivecast ONYX helps analysts see trends over time that are relevant to their business. For example, if anger and negative sentiments are being expressed towards your company or parts of its supply chain, analysts can quickly identify the accounts driving that conversation and make a rapid assessment of whether this spike in chatter carries a high level of physical or political risk along with it.
Fivecast ONYX not only automates the data collection process across accounts, forums, groups, posts, and communications channels of interest for your company, it also provides analytical tools and deep learning capabilities that immediately flag risky content and relationships of interest. This shortens the time spent gathering relevant social media data, while also improving the quality of analytical work by enabling users to quickly and easily incorporate huge amounts of OSINT data into their assessments, in places where manual analysis would have imposed prohibitive labor and analytical costs. Successfully operating global supply chains in the current environment of increased geopolitical, fraud, and trade risks demands a new approach to supply chain risk management. Advanced open-source intelligence technology has the potential to help both public government agencies and private organizations uncover risk and protect global supply chains to ensure national security and business continuity.
