According to Forbes, in the realm of cyber security and supply chain management, most security breaches occur from within an organization. In addition to being the result of a lack in the correct technology-based defense, these breaches are a byproduct of poor internal security policy and compliance controls enforced by employers; these oversights can be slight, such as an employee taking a laptop home for the weekend. Forbes contributor Paul Martyn points out that, “…an increasing number of successful hacks are being traced to supply chains. We now live in a world where most every supplier of products and services is expected to conduct business electronically. And worse, the systems that clear the transactions of day-to-day business are fully integrated to corporate Enterprise Resource Planning (ERP) – the keys to the kingdom. Not to overstate it, but there’s a lot of truth to the idea that networked models of security ‘are only as strong as the weakest link.’ And because big business will continue to outsource and pursue new markets of customers and supply, the scope of the problem is exploding.”

In order to prevent hacking, a company’s list of approved vendors should meet basic network security standards. However, if they don’t, it’s much easier to bring a system up to speed or replace something that might be missing instead of discovering that you were misinformed about your supplier’s capabilities.

Further in depth information can be found at:
http://www.forbes.com/sites/paulmartyn/2015/06/23/risky-business-cyber-security-and-supply-chain-management/