Supply chain security: Considerations for risk management

Author: Shane Schick

As organizations become more digitally connected to their vendors, partners and other third parties, they are quickly discovering that they ignore supply chain security at their peril. Supply chains connect manufacturing companies with logistics firms, transportation providers and others to get products and services onto our store shelves, and poor supply chain cyber security can break the chain.

Supply chain security risks at a glance

Data sharing and other forms of connected collaboration are common between players in a supply chain, and these activities bring inherent risk. Everything from malware, ransomware and denial-of-service (DoS) attacks to a simple application being compromised can be used in a supply chain attack.

The interconnected nature of the firms in a supply chain means attackers may only have to exploit one weak link in order to have far-reaching effects across multiple enterprises.

Supply chain risk examples

No industry is immune from supply chain cyber security threats. Two recent supply chain risk examples reinforced the importance of cyber supply chain risk management and supply chain security.

One attack affected customers of a provider of networking tools called SolarWinds. As reported by CSO Online, criminal actors managed to compromise a plugin associated with a SolarWinds product that allowed them to steal and use credentials. This allowed them to subsequently breach the network security of many different entities using the SolarWinds product, including cyber security software vendor FireEye.

In another case, news outlets, including ZDNet, reported that a ransomware attack forced Colonial Pipeline to shut down pipeline operations entirely. This disrupted the flow of fuel such as gasoline, diesel and home heating oil far down the supply chain.

While these are just a couple of recent supply chain risk examples, they are a good reminder about the importance of remaining vigilant about supply chain cyber security threats.

How to help minimize supply chain cyber security threats

Because supply chain cyber security threats can affect any industry at any time, supply chain security requires thinking holistically about cyber supply chain risk management, what can be done to bolster security through technology, any changes to business processes, and how people are trained and supported.

Mitigation starts with some technology basics, including making sure all those participating in a supply chain are using safeguards such as two-factor authentication, biometric access controls (where permitted or applicable), and security and incident monitoring tools.

The above examples demonstrate that cyber criminals have also been known to target potential weaknesses in open-source software, so applications based on that kind of code should be tested regularly and monitored closely. The design process for any vendor should be well-documented, and vendors should be able to provide details on how they address vulnerabilities such as zero-day threats.

Process considerations could include making sure to remove network access to third parties once a contract has been completed. Regular server and network audits should be conducted to ensure admin and access policies are up to date and being enforced.

It may be necessary to revisit or reconsider device use policies, such as bring your own device (BYOD). Personal devices can be a popular attack vector for malware and phishing schemes. Employees may also need to be given direction on how they should connect to the network, such as via a virtual private network (VPN).

How partners can bolster supply chain cyber security

Assessing supply chain risk helps to reinforce the fact that it takes a team to manage supply chain security. There should be clear roles and definitions of responsibility among everyone involved. This might include determining who will be charged with monitoring for supply chain cyber security threats, who will need to assist with recovering data and who will be managing the overall response plan.

Staying informed about supply chain cyber security threats can become incredibly difficult for organizations to accomplish on their own, given the regular work that goes into running an effective supply chain. Managed service providers can not only help to fill the gaps but also provide value across multiple areas.

Companies might turn to managed service providers to assist with ongoing threat intelligence and cyber supply chain risk management, for example. Such firms also have deep expertise in mitigating cyber security attacks when they happen, which can help to minimize any financial or other damage. Finally, managed service providers can act as an extension of the team to make sure supply chain security remains a top priority.


The author of this content is a paid contributor for Verizon.