You are only as strong as your weakest link.
Supply chain cybersecurity is heavily dependent on the complex interchange of a vastly interconnected and geographically diverse ecosystem that is both deep in its industrial reach and highly nuanced based on any number of risk factors impacting each partner.
Attempting to accurately navigate the supply chain ecosystem may often involve managing “vendors, system integrators, services suppliers and other third-parties, plus the entire services and technology stack that contributes to the design, manufacturing, distribution, deployment, and consumption of information and communications technologies and services.”
By better understanding what is at risk, contextualizing industry best practices, and defining the core pillars of building a dynamic cybersecurity culture across the supply chain, invested players can be empowered to make the change and mitigate cyber threats coming from all directions.
Defining the terms
Richard George, the former National Security Agency technical director of information assurance and current senior advisor for cybersecurity at Johns Hopkins University Applied Physics Laboratory, astutely observed that “Cybersecurity really is a supply chain problem that encompasses the telecom carriers that are used by businesses, the hardware and software that supports organizational workflow, and the cloud assets that so many organizations are leveraging today.”
With so many seemingly disconnected parts of the supply chain, the process of defining what the most pressing problem is and how to provide tangible solutions can be daunting. Understanding risk indicators and best practices may just be the solution…
According to the riskmethods 2020 Risk Report, risk indicators refer to “various factors that contribute to a certain type of business risk, or events that could cause supply chain disruption. For example, financial stability of a supplier is a type of risk that faces many organizations, while the risk indicators include specific incidents like bankruptcy, force majeure or product release delays.”
Important Stats
The risks to the supply chain have been growing, due in no small part to the increase in remote work and the lack of effective cyber protection linked to the Covid-19 pandemic.
From January – May 2020 alone there was a:
Weapons to Mitigate Cyber: Best Practices
According to the National Institute of Standards and Technology (NIST), the ability to implement industry best practices directly correlates with a business’s success in mitigating cyber risk across the diverse players in the supply chain. Of the many suggestions NIST offered, the following best reflect the core intention of what is needed to decrease cyber risk in the supply chain.
Outlining the definitive cybersecurity obligations of each link in the supply chain from square one ensures all partners accept responsibility for their security posture.
According to Cybint, 95% of cybersecurity breaches are caused by human error. As a result of this striking stat, it is mission-critical to implement as much automation as possible throughout the supply chain to better compartmentalize risk and determine if a technical solution is required.
By keeping close tabs on all the vendors and subcontractors connected with vital projects, IT teams and systems admins can quickly respond to potential breaches, segmenting risk and ensuring rigorous controls on access to vendors are maintained.
Supporting repeat offenders and leaving your assets at risk is not a viable solution when we are speaking about the scale and potential costs for enterprise customers. By clearly defining what is at stake for non-compliance, all players in the supply chain are held to the highest standards and network security improves exponentially.
Key steps moving forward.
The ability to enhance supply chain cybersecurity comes down to a combination of accurately understanding the risks being faced by the various players in the supply chain and establishing the protocols, whether technical, contractual, or education-based, to mitigate cyber threats. In practice, the only way to slow the pace of data breaches and harden secure systems against the risks of state-sponsored hackers and ad hoc cybercriminals is to establish and consistently adapt a comprehensive cybersecurity policy from the top down.
By having a clear vision of expectations, establishing long-term protocols to support cyber awareness, and implementing technical solutions to mitigate risk, the supply chain has the chance to decrease its attack surface and provide a unified front against cyber-attacks.