STAFDA 2011 Session Preview: Business Security
When it comes to supply chain security, relying on luck is not an effective strategy.
It appeared to be just another typical workday for this distributor. Several pallets of product were loaded onto a truck and dispatched for delivery to customers. However, this delivery was anything but normal. During the loading process, one of the warehousemen placed several extra cases of inventory onto the truck. He then texted the driver advising him how much product had been overloaded and where on his truck it was located.
The driver subsequently detoured off his route and sold the extra product for cash – at 40 percent off its actual value. When he returned to the warehouse that evening, he split the proceeds with his accomplice. These two employees were pocketing thousands of dollars in cash each week and had been doing this for over six months without arousing any suspicion.
Security Threats Today are a Double-Edged Sword
This type of collusion is not uncommon. Studies estimate that theft-related loss costs American companies billions of dollars each year. It’s practically become an underground economy.
Since 9/11, companies in the supply chain also face the ever-present threat of terrorism. According to one recent study, since 2004 there have been more than 600 terrorist attacks targeting the global supply chain. Both government and industry experts agree that terrorist organizations remain determined to smuggle weapons of mass destruction into commercial shipments, especially those destined for the United States.
At the 2011 Customs-Trade Partnership Against Terrorism (C-TPAT) conference, one workshop focused on security breaches. According to the speakers, three of the most prominent factors responsible for supply chain security problems are:
- Companies conducting inadequate self assessments of their safeguards
- The use of generic checklists to evaluate the quality of their security programs
- Complacency
After more than 30 years of performing security assessments and investigations, we’ve repeatedly witnessed one of the most critical mistakes companies make when protecting their assets: they oftentimes confuse being lucky with being good.
Prior to 9/11 for example, most airline executives considered their security programs robust. After all, there were uniformed guards, metal detectors, x-ray machines as well as video and access control systems in place at the terminals. On the surface, these protective controls appeared more than adequate.
In the aftermath of 9/11 however, government officials reassessed airport security and were more than dismayed with how many vulnerabilities had actually existed. As it turned out, a percentage of the uniformed guards had criminal records and lacked the needed training to recognize suspicious behavior or detect concealed contraband.
In addition, metal detectors at airports were not calibrated properly, and many of the video systems in place were antiquated, lacking clarity and comprehensive coverage of security sensitive areas.
While there were access control keypads at most airport doors and terminal gates, the codes in many facilities were rarely changed. Consequently current, as well as former workers, knew the codes to restricted areas.
The catastrophic events that occurred September 11, 2001 were a wake-up call for both the government and private sector, with the harsh reality being painfully obvious: there is a critical difference between cosmetic and meaningful security.
Good Enough is No Longer Good Enough
The difference between a vulnerable supply chain security program that relies on superficial controls and one comprised of meaningful, effective safeguards is not always apparent. Vulnerabilities can only be identified and strengthened through diligent, in-depth inspection and testing by qualified personnel.
I’m oftentimes asked what strategies and tactics I think are absolutely essential for a world-class asset protection program. Here are three:
1. Uncover weaknesses in your protective safeguards before they can be exploited.
Security threats are constantly evolving. Consequently, a supply chain security program must be thoroughly reevaluated every 2-3 years to determine where weaknesses exist that create exposure to theft, smuggling, sabotage or product tampering.
For security assessments to be truly meaningful, they should not be conducted by personnel lacking logistics security expertise.
One company that incurred a significant theft-related loss had undergone a security review only two months prior. What puzzled senior management was how the facility in question could have scored so highly on the security review, yet sustain a six-figure loss soon after.
We were called in to conduct a post-theft investigation and asked to meet with the personnel that performed the security review. During our discussion, it became clear that their auditors had no meaningful supply chain security experience. As it turned out, their core expertise was in quality control. Additionally, the checklist they used to conduct their review was composed of general questions that did little more than skim the surface.
Instead of actually inspecting and testing the alarm and video systems for example, they simply asked the general manager whether this technology was operating properly. The GM responded that as far as he knew both systems were working fine. Consequently, the auditors rated the electronic protection as “adequate” on their checklist.
However, during our forensic investigation we uncovered more than two dozen major problems including numerous motion detectors that had been deliberately compromised, a wireless backup communicator device that was completely inoperable, and two video recorders that were programmed improperly (only archiving video
for 24 hours instead of 30 days).
It was easy to understand why this facility was easily victimized and why management assumed their safeguards were far better than they actually were.
2. Perform ongoing audits to insure that the security practices and processes you’ve put in place throughout your supply chain are being diligently followed.
This is especially important if you’re responsible for a global supply chain, as foreign logistics partners may not always understand or adhere to your asset protection expectations and standards.
A good illustration of this involved an Asian air freight forwarder that shipped large quantities of product to the U.S. During a security assessment at their facility, we asked how they secured their trucks from theft and smuggling while en route to the city’s air cargo terminal. Their vice president assured us that they always applied a high security seal to the cargo door of their trucks, so their shipments to the airport were adequately protected.
However, when we asked one of their drivers about their seal controls, he stated that no one at the air terminal ever inspected the seals upon his arrival. When we subsequently contacted the air terminal, they confirmed that they were unwilling to have their guards participate in a cooperative seal procedure.
We explained to the forwarder that despite the fact that they were well-intentioned and applying quality security seals to their trucks, nothing prevented their drivers from being bribed or extorted into allowing unauthorized access to the cargo area while their trucks in transit to the airport. We convinced them that this vulnerability was far too significant to ignore.
Consequently, they agreed to install GPS units in their trucks that are programmed with mobile geo-fencing. These units send automatic exception alerts for unusual or suspicious activity. Now, if one of their truck drivers goes off the authorized route, remains stationary for an extended period of time, or attempts to disable the GPS unit, their dispatcher immediately receives a text message as well as a pop-up alert on his PC.
3. Provide meaningful training to key personnel so they can effectively detect security threats.
While many companies have some form of training, most of these have very limited value. The content tends to consist of overly generalized guidelines rather than hands-on, usable information.
One company’s training manual for example, devoted several pages to the importance of inspecting pallets of stretch-wrapped product for indications of product tampering. The problem was that there were no specific examples of how stretch wrap and security tape could be manipulated.
However, after being shown digital photographs and video clips of pallets actually being manipulated, the employees left the training seminar knowing precisely what to look for. It was no coincidence that just three months later, one of the receivers detected security tape and stretch wrap on an inbound pallet that had been carefully removed and reapplied. When the shipment was broken down and inspected, concealed contraband was found inside several of the boxes.
There are several other components that should be integrated into a world-class supply chain security program, such as strategically utilizing state of the art technology, maintaining a risk-free way for workers to report suspicious activity or violations of security policy, upgrading due diligence and screening processes for supply chain partners, as well as methods for developing strategic intelligence about new security threats.
With domestic cargo theft estimated at $20-$40 billion a year and terrorist organizations determined to penetrate the U.S. supply chain, the reality is that relying on anything less than the very best security practices creates a false sense of security and an unacceptable level of risk. CS
Barry Brandman is president of New Jersey-based Danbee Investigations, which provides professional investigative, auditing, and security consulting services to hundreds of major companies. Brandman has developed a particular expertise in logistics and supply chain management. He’s a frequent speaker at industry conferences and author of STAFDA’s most recent book, The Executive’s Guide to Business Security. He can be reached by phone at 201-652-5500 or by e-mail at
bbrandman@danbeeinvestigations.com.