How to ensure supply chains are cyber proof and secure
By Ed Bradley, Founder and Director, Virtualstock
Covid-19 has caused unprecedented disruption to supply chains, particularly during the peak of the pandemic when critical products were in high demand.
Often in desperation to meet demand, many organisations turned to new suppliers they had never worked with before, exposing many flaws and vulnerabilities in the security of supply chains, not least the cyber threat.
Whilst larger organisations have invested heavily in recent years to boost their defences, smaller companies supplying larger organisations have fewer resources to invest in protection from cyber attack.
Cyber criminals, aware of this, have looked at other ways to compromise their targets and supply chains have come under frequent attacks, ever more sophisticated and devasting.
One of the major themes that has emerged from the pandemic is that companies are being held far more accountable for the security and standards of their supply chain.
Albeit not a cyber related issue in its supply chain, one major pureplay came under stinging attack for working with suppliers who had been accused of exploiting workers. It was clear from that, that the fallout, backlash and reputational damage from a cyber hack or question marks over the ethics of a supply chain can be severe.
There are practical, easy to implement and low-cost solutions which can be deployed to prevent such risks and improve the overall security of the supply chain. The starting point for companies is to adopt a threat-led and risk-based approach to cyber security by better understanding the specific threats and vulnerabilities their organisation faces.
Companies should look to assess their infrastructure and identify their key assets and security controls. They should anticipate the security incidents they are most likely to face based upon the risk profile and prepare accordingly.
The other key area is infrastructure. Companies need to ensure they are using the latest versions of software on their internet facing infrastructure. They need to assess which ports are open on the estate, and whether there is a business requirement for these to be open and ensure appropriate authentication controls are in place.
The last step is to track certificate expiry dates, to ensure those on your website are in date and issued by a trusted authority. There is another piece around credentials. It is important that employees are educated on the potential threats associated with using their professional email accounts on third-party sites. They should be informed of the importance of using unique passwords across separate accounts.
By taking some of these steps outlined above to secure the supply chain, which doesn’t require heavy investment into more complex and expensive solutions, it will help mitigate against cyber threats and improve overall security.
Continue reading…