Supply Chain Cybersecurity
Among the various challenges inherent in today’s complex supply chains, cybersecurity is one of the most pressing. All the work your IT team does to secure the company network and systems means little if a third party has been lax in defending against cybercrime.
A supply chain is a multi-party ecosystem, involving many vendors and suppliers who may have access to your business’s IT infrastructure. These interconnections can help immensely in bringing about increased efficiency and expediting processes. Yet these connections also increase the attack surface, giving cybercriminals more possible entry points into your systems.
In July 2018, for instance, an engineering service provider lacking server restrictions risked exposure of sensitive data from more than 100 of its auto manufacturer and parts company partners. Those companies could have had the fiercest firewalls and cybersecurity protections in place internally, but the vendor put the information at risk.
As the Information Security Institute (InfoSec) puts it, “Cybersecurity of any one organization within the chain is potentially only as strong as that of the weakest member of the supply chain.”
Best Practices for Cybersecurity in the Supply Chain
A supply chain attack is also known as a value-chain or third-party attack. These types of attacks are growing more common as an increasing number of suppliers and service providers share data and information, as well as system or network access. Be proactive in protecting against cybercriminals with these six best practices:
1. Inventory Data Access
You can’t protect your data, applications, systems, or network unless you have a clear idea of who has access to these entities. Audit your third-party relationships to determine just how interconnected you are. What data and systems do you share? According to a 2018 Ponemon Institute survey, “Only 35% of companies had a list of all the third parties they were sharing sensitive information with.”
Target, for instance, was blindsided in 2014 when lax security at its HVAC vendor led to a massive breach. Attackers used stolen credentials from the vendor to hack the retailer and steal the data of 70 million customers and 40 million credit cards and debit cards.
2. Ask Cybersecurity Questions
Don’t assume that other organizations are going to handle cybersecurity to your standards. Develop a clear policy internally about what information or access will be shared, how it will be monitored, and what security promises will be demanded. Talk to your partners to find out what they are doing to protect against vulnerabilities. If they can’t answer cybersecurity questions to your satisfaction, you might want to take your business elsewhere.
Considering the cost of downtime and the negative impact a data breach can have on your brand reputation, it may be worth it to shop around for a supplier with high standards for cybersecurity. Gartner research suggests that the average cost of network downtime is $5,600 per minute, or about $300,000 per hour.