Third-Party & Supply Chain

In a resolute move aimed at further crippling Russia's capacity to wage war on Ukraine, the U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) has announced a sweeping set of sanctions targeting Russian elites, the country's industrial base, financial institutions, and technology suppliers. This substantial escalation of sanctions comes as part of the United States' broader strategy to leverage economic restrictions against Russia's ongoing aggression in Ukraine.

A Greek shipping company has admitted guilt in a case of smuggling sanctioned Iranian crude oil and has agreed to pay a hefty fine of $2.4 million, according to recently unsealed U.S. court documents reported by The Associated Press. The case revolves around Empire Navigation and, as part of the plea agreement, the company faces three years of probation.

A recent data breach at a UK military contractor has once again highlighted the risks associated with legacy systems and third-party vendors. The breach, attributed to the LockBit ransomware group, compromised a Windows 7 computer at the industrial operations of Zaun, a Wolverhampton-based company specializing in the design and manufacturing of mesh fencing systems used to secure UK military bases and intelligence sites.

The legacy of Yellow's shutdown and its Impact on the freight industry, the market, and supply chains as a whole, in the midst of what looks to be a historically slow year for the shipping business.

The United Kingdom's largest regional police force, the Metropolitan Police, known as "The Met," is grappling with the aftermath of a supply chain cyber attack that has once again highlighted the significant vulnerabilities posed by third-party vendors in the realm of cybersecurity.

Procurement and supply chain teams are being urged to reconsider their approach to category management, as it evolves from a mere administrative function to a strategic opportunity for identifying risks and gaining competitive advantages. In a recent whitepaper released by German software giant SAP, three common mistakes in procurement category management are highlighted, along with recommendations for improvement.

The recent implementation of new cybersecurity incident disclosure requirements by the U.S. Securities and Exchange Commission (SEC) has placed third-party cyber risk squarely in the spotlight. These new regulations underscore the materiality of third-party cyber risk, emphasizing its significance as a business risk. The SEC's final rule acknowledges that a substantial number of organizations, approximately 98%, rely on third-party vendors that have suffered breaches within the last two years.