Categories: Blog

3 Tips for Stronger Supply Chain Cyber-Security

In late 2013, Target discovered a data breach that affected 41 million customers and cost millions of dollars. Hackers gained access to the system by compromising Target’s supply chain cyber-security through a third-party vendor. With credentials stolen from the vendor, attackers installed malware in Target’s customer database and acquired sensitive consumer data.

More recently, attackers inserted malicious code into the popular computer cleanup program CCleaner. For weeks, millions of users downloading the legitimate software also unknowingly downloaded destructive malware to their systems.

The Target and CCleaner attacks are just two examples of many that highlight the need for greater supply chain cyber-security. According to a 2016 National Institute for Standards and Technology (NIST) presentation, 80% of cyber breaches begin in the supply chain.

Modern businesses of all sizes depend on third party suppliers to provide critical services. Far too often, organizations fail to look closely into the security practices of members of the supply chain with access to their systems. This can spell disaster, even for companies with otherwise solid security.

With increasing connectivity between organizations, effective cyber-security necessarily becomes a group effort. Coordinated security plans and careful monitoring of access points help businesses mitigate the risks and contain damage when breaches do occur.

Collaboration is Critical

No longer can organizations solely trust internal security, regardless of how in-depth that security may appear. Most businesses share data with third parties both up and down the supply chain, and any successful security plan must involve all the players to avoid gaps in protection.

Start with the vendor contract. Build specific security policies and procedures into all third-party agreements. Where possible, vendors and sub-contractors should be certified to the compliance standard for your industry.

Follow up with annual risk assessments of all third parties with which you share data. Review security policies and update them as necessary. Both the connectivity and the cyber threats evolve rapidly. Your supply chain cyber-security policies must keep pace.

In addition, assume breaches will occur and create incident response plans to include timely notification when they do occur. As in the case of CCleaner, unfortunately malware can hide even in legitimate software downloads. With multi-layer security plans in place, you can minimize the repercussions.

Know and Monitor Access Points

Before you can defend your house, you must know all the entry points attackers might use to gain access. The 2016 NIST presentation reported that 72% of organizations lack an understanding of the data flow along their supply chain.

Map all third-party access points to your networks and data. Monitor those access points and check the logs regularly for any anomalies. Make sure you know which entities have access to sensitive data. Also keep in mind that hackers may choose a lower point in the supply chain to gain access and then work their way up to more attractive targets.

Limit Access to Data and Networks

Once hackers use stolen credentials to enter your network, they have access to all data and systems within the reach of that user’s privileges. To control the scope of potential breaches, limit access for both internal employees and outside vendors to just the systems needed. Invest the effort to define access control rules to the granular level.

To further protect sensitive data, consider creating a parallel (or air-gapped) network for supply chain applications. This ensures that third parties can conduct necessary work without accessing your primary network.

Supply Chain Cyber-Security: A Critical Investment

Thousands of businesses will experience supply chain disruption over the next year due to a cyber-attack or data breach. Those breaches will prove costly in dollars, reputation and downtime.

With attacks likely, and with the consequences severe, businesses cannot afford to delay addressing their supply chain cyber-security. The task can appear daunting, with so many actors involved.

Fortunately, IT security experts make it their business to keep abreast of the ever-evolving cyber landscape. With decades of experience partnering with retail firms and manufacturers worldwide, their certified engineers can customize a security solution to your specific environment.

Download Article PDF

Cloud Services New York City

Recent Posts

Shared Mailbox vs. Regular Mailbox in Microsoft Exchange

Microsoft Exchange provides multiple ways to control email communication in a business. Shared Mailboxes and…

2 days ago

Remote Work Rising: The New<br>Way We’ll Work

Remote working was once a niche specialty, only used by tech-savvy and freelancers. But in…

2 days ago

The Role of Print Servers In<br>An Organization

While we live in a digital age, print is still a staple for many businesses.…

2 days ago

Implementing Anti-Spoofing Rules for Email Protection

Increasingly, email communication is playing a pivotal role in business operations, facilitating collaboration, customer engagement,…

3 days ago

The Comprehensive Benefits of MSP Management for Servers, Exchange, O365, VPN, and Networks

As the digital landscape evolves, businesses of all sizes face the challenge of managing complex…

3 days ago

Cost-Benefit Analysis of On-Premises Network/Server Infrastructure vs. Azure-Based Cloud Infrastructure

In the evolving landscape of information technology, businesses constantly seek the most efficient and cost-effective…

3 days ago