External Business Partners,
Despite a challenging operating environment, P&G announced solid bottom-line, top-line and cash results for the 3rd quarter of 20/21. Our results are enabled by a strong integrated strategy which is inclusive of our supply network’s contributions to superiority, productivity and innovation. Thank you for all you are doing to bring value to P&Gs consumers. You can read more about our earnings here.
We will continue to rely on you to help us navigate the various head winds – like commodities and transportation – that we have been facing. In this month’s letter, I want to address another threat to our supply network: cybersecurity.
In the past few months, many high-profile applications have disclosed significant vulnerabilities. Among the ever-growing list are Solar Winds, Accellion FTA, F5, and Microsoft Exchange. These applications provide huge benefits to companies and are often assumed secure because of their popularity or reputation. The reality is that all software has flaws and no software developer is immune. While the attack vectors can be drastically different, the fix for these vulnerabilities is often the same: install the latest security patches.
We understand that maintaining software at the latest patch level can be difficult. However, the risk associated with leaving unpatched software exposed on the public internet has the potential to create significantly bigger challenges. The greatest concern is unauthorized and unauthenticated system access. Publicly available code and system maps are all that an attacker needs to infiltrate applications.
P&G’s method of dealing with vulnerabilities and threats comes from a defense-in-depth strategy built on the NIST (National Institute Science & Technology) cyber security framework. Here is a small sample of the steps we take:
- We enable Multi-Factor-Authentication on all corporate accounts where possible.
- We implement a rigorous patching program, which includes monitoring for security updates in critical software.
- We closely monitor our most critical systems, especially those which are exposed to the Internet.
- We integrate industry-specific security advice into our security programs.
- We implement professional Endpoint, Detection, and Response (EDR) tools, like Antivirus.
By providing as many layers as possible, we increase our chances to prevent an attack. This doesn’t stop everything, but it gives us a fighting chance. We encourage all our partners to maintain a similarly rigorous approach to security. As always, whenever there is an incident or suspected incident related to Privacy or Information Security, please report the details to the 24x7 managed P&G Security Operations Center via securityincident.im@pg.com directly. Please contact your P&G Purchases Leader with any other concerns or questions you may have.
Be safe and healthy.
Ana Elena Marziano
Chief Purchasing Officer
See https://www.pginvestor.com for P&G's full Q3 2021 earnings release issued April 20, 2021, the associated webcast presentation, definitions of non-GAAP measures and reconciliation to the most closely related GAAP measure, as well as cautionary information on forward-looking statements, which are based on current assumptions and subject to risks and uncertainties that may cause actual results to differ materially.