Russia's recent invasion of Ukraine has continued to escalate, not only wreaking havoc in the region, but sending global markets into a tailspin as well. Between imposed sanctions and tense conflict, supply chain leaders should pay particularly careful attention to their commodity suppliers and cybersecurity health.
Sanctions on Russia from US and Western allies have been in place for years, but controls have tightened in light of recent events. Currently, the recently imposed sanctions are directed at several Russian financial institutions, including the Corporation Bank for Development and Foreign Economic Affairs Vnesheconombank (VEB) and Promsvyazbank Public Joint Stock Company (PSB), as well as key individuals linked to Putin. However, President Biden and other leaders have stated their reluctance to implement restrictions specifically targeting the energy market. Ousting Russia from SWIFT, a global cooperative linking thousands of financial institutions in over 200 countries, has been temporarily tabled.
But Russia’s outsized influence on the global supply of oil, gas and industrial materials, coupled with the fact that the majority of commodity trading occurs in US dollars or euros, means that intense bottlenecks will likely affect supply and therefore prices in the short term, and likely medium term.
Oil & natural gas: Russia is the third largest producer of oil globally, and supplies Europe with about one-third of their natural gas. Recent price surges have been the highest in almost seven years.
Palladium: A key component in the production of catalytic converters in cars, Russia holds 40% of the world’s supply, further impacting the already volatile automotive sector. This can especially impact Russian based suppliers like Norilsk Nickel while the London based Anglo American Platinum, which sources from South Africa, could see increased demand.
Nickel: Producing over 10% of the world’s supply, Russia exports nickel for it to be used in a myriad of manufacturing sectors, as it is used for the production of stainless steel.
Aluminum: Unlike certain metals, aluminum is widely produced for both industrial and consumer products, meaning food and beverage sectors could also face challenges in the near future.
Wheat: Russia and Ukraine combined produce almost one-third of the world’s supply, leaving many countries in need of alternative sources for the staple grain.
While Ukraine is not targeted by the sanctions, the regional instability has prompted companies to start seeking alternative suppliers for goods, such as neon, a critical component in the production of semiconductors. ASML, a key supplier for computer chip makers, has already announced that it is seeking other options for their neon supply outside of Ukraine, as are many other companies in manufacturing sectors, ranging from computers to automotive.
Although the West seems to be holding off on more sanctions directly hitting raw materials and the oil & gas market, they are certainly not off the table in the future. Aluminum prices jumped over 30% in a matter of days when sanctions were imposed on Rusal, the country’s leading metal maker back in 2018.
Unfortunately, physical infrastructure damage is also a likely possibility. As tensions escalate - dozens have already died and bombings continue- transporting materials might pose additional obstacles and severely impact supply.
This puts immense pressure on the global supply chain to quickly pivot and have alternative suppliers in place for key commodities in the likely event trading is further impacted.
Cyber attacks by Russian hackers on Ukrainian entities have subsequently increased threats of global attacks, and the U.S. Department of Homeland Security (DHS), Federal Bureau of Investigation (FBI), and the UK’s National Cyber Security Centre (NCSC) issued a joint Technical Alert this month, urging that private and public organizations prepare for increased Russian sponsored attack activity. This means that private companies must evaluate vulnerabilities not only on their own infrastructure, but those on their upstream supplier network as well.
While cyber hacks on SolarWinds and Colonial Pipeline have made headlines in recent years, many are still unaware of the sophistication of the RaaS industry, or Ransomware as a Service. These companies, almost all located in Russia, mirror the structure of typical SaaS companies and startups, with dedicated teams for customer success, compliance, and marketing. They also share similar concerns with C-suite executives such as product differentiation and staying ahead of competition.
The RaaS provider DarkSide was known for taking down Colonial Pipeline in 2021, and other leaders in the space, such as REvil, LockBit and Avaddon, remain hungry for developing cutting edge products for their customers, aka hackers.
Due to the high profile nature of recent attacks, such as the SolarWinds hack, these providers briefly backed off on targeting state institutions, leaving the private sector particularly vulnerable. However, as recent events unfold in Eastern Europe, all entities - government and private sectors - face a resurgence in cyber attack risk.
Measure cybersecurity risk for all suppliers - objectively: Firms of all sizes mistakenly rely on supplier surveys conducted in the past to evaluate current risk. However, surveys tend to portray the supplier in the best light possible and do not necessarily offer an objective portrayal of their entire risk profile. In addition, these point-in-time assessments only capture risk snapshots over a brief period and become quickly irrelevant after months, even weeks. Comprehensive Cybersecurity Health Scan reports provide up-to-date data from premium, third party sources.
Evaluate Dependency on Ukrainian IT services: Companies might be more dependent on Ukrainian services than meets the eye. The country’s Ministry of Foreign Affairs claims that over 100 Fortune 500 companies rely in some part on their IT services, and are consistently among the top outsourcing options for technical services worldwide.
Remove Internal Communication Silos: Procurement is primarily concerned with sourcing, evaluating and monitoring suppliers, but they very rarely oversee information technology and security departments. This results in less-than-optimal security oversight in firms’ supplier networks. Ensure communication and collaboration between both departments, in addition to other stakeholders, can be easily achieved from one single supplier intelligence platform.
There are many unknowns that supply chain leaders are currently facing. But deep visibility into your current supplier network, as well as the ability to execute on contingency plans, will mitigate disruption to not only your company but the entire value chain.
Learn more about Craft's supplier intelligence platform here.