Securing The Supply Chain

Uploaded on 2024-06-07 in TECHNOLOGY--Resilience, FREE TO VIEW

In the modern business ecosystem, supply chains have become increasingly complex and connected, especially from a digital standpoint. This presents fresh opportunities for cybercriminals and malicious actors to access business networks and wreak havoc. 

In the past, it was enough to simply secure your own operations, train your own teams and adopt your own technologies to protect your security posture. Today, it is more complicated.

Software supply chain attacks are becoming increasingly common, with Gartner predicting that 45% of global organisations will experience one by 2025 - three times higher than in 2021. This makes safeguarding supply chains more important than ever.

Would-be cyber attackers are probing all parts of the supply chain to find a weak opening. Businesses should not assume that their partners have robust cybersecurity strategies in place. They must be responsible for ensuring that any weak links in the chain are mitigated and that they are able to protect themselves and their customers. 

The Supply Chain Is Under Attack

Many businesses operating today depend heavily on a vast network of suppliers to plan, create, and deliver products and services. Despite this, relatively few are taking steps to formally review the risks posed by these suppliers. In fact, this year the government’s annual ‘Cyber security breaches survey’ discovered that only one in ten (11%) businesses are looking at the risks posed by their immediate suppliers and the proportion of those assessing their wider supply chains is half that number (6%). Against this backdrop, supply chain operations have become prime target for cyber criminals. 

Warding off the risk of threats in your supply chain, however indirect the link may seem, is a crucial part of protecting your direct business.

If you are operating within a supply chain, you will often have security requirements imposed by your customers or third parties through Service-Level Agreements (SLAs). It is important to have similar conditions and default standard security clauses included in all contracts with your own contracted suppliers. Having a strategy in place, such as Zero Trust, in case the worst case scenario plays out is also essential.

Considering A Zero Trust approach

One best practice when it comes to bolstering supply chain security is to embrace a “zero trust” architecture. This removes the element of automatic trust in device and employee security.  

Zero Trust Network Access (ZTNA) works by granting access to networks based on the identity of the user and their context (e.g. which applications are being accessed). Users are first classified based on their business roles and the levels of access they require. Next, the context of the request is assessed – like where the user is connecting from, through what device, and whether the device is secure. 

ZTNA operates on the concept of “never trust, always verify” which means the user access session is continuously verified. In other words, if an attacker accesses a weak point in the supply chain, they won’t be able to get any further into the network. Adopting this framework will enable organisations to prioritise traffic and securely access Software-as-a-Service (SaaS) and cloud applications across the supply chain. It enables IT teams to boost resilience against third-party security risks in the supply chain, without giving up the operational benefits of vendor or supplier relationships.

One of the biggest challenges for organisations looking to adopt a Zero Trust model is a lack of understanding about the framework and how to correctly implement it. According to Gartner, 60% of organisations will embrace Zero Trust as a starting point for security by 2025, but more than half will fail to realise the benefits. Therefore, it is critical for businesses to invest time in educating their teams and customers about the implementation of Zero Trust, whether this is through internal training or working with an experienced partner who can offer tailored solutions. 

In our connected world, businesses should look beyond their walls when it comes to security. Whilst protecting the technology that runs the supply chain is undoubtedly challenging, a Zero Trust framework, strong relationships and SLAs with your providers, alongside the right level of training and upskilling for your team members, can enable businesses to stay one step ahead and ensure that any potential gaps in the supply chain can be mitigated quickly and efficiently. 

Tom Major is SVP Product Management at GTT

Image: Aakash Dhage

You Might Also Read: 

Problems With Underperforming Cyber Security Service Providers:

___________________________________________________________________________________________

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« The Cybersecurity Risks Of Generative AI
Fake News & Disinformation In Poland   »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Software Engineering Institute (SEI)

Software Engineering Institute (SEI)

At the CERT Division of SEI we study and solve cybersecurity problems, research security vulnerabilities in software, and develop information and training to help improve cybersecurity.

Cyber DriveWare

Cyber DriveWare

DriveWare analyzes new traffic in the I/O layer and blocks malware and cyber attacks which organizations have no means to protect against.

Optiv

Optiv

Optiv is a market-leading provider of end-to-end cyber security solutions. We help clients plan, build and run successful cyber security programs that achieve business objectives.

Moxa

Moxa

Moxa is a leading provider of industrial networking, computing, and automation solutions for enabling the Industrial Internet of Things.

Risk Ident

Risk Ident

RISK IDENT specializes in supporting enterprises in identifying and preventing criminal activity like payment fraud, account takeovers and identity theft.

Seconize

Seconize

Seconize empowers enterprises to proactively manage their cyber risks, prioritize remediations, optimize security spending and ensure compliance.

Cyber Security Academy (CSA)

Cyber Security Academy (CSA)

The CSA aims to educate professionals who wish to contribute to strengthening the digital defensibility of states, organisations and individual citizens.

DataExpert Singapore

DataExpert Singapore

DataExpert Singapore provide solutions and services in the areas of Digital Forensics, Data Recovery, Data Duplication, Data Degaussing & Wiping, Data Destruction, and IT Disposal.

ShardSecure

ShardSecure

ShardSecure Microshard technology eliminates data sensitivity, providing security, privacy and compliance beyond encryption.

StrikeReady

StrikeReady

StrikeReady have developed CARA, an advanced technology solution that offers personalized and proactive assessment and remediation of future and current risk in real-time.

Binare

Binare

Binare empowers companies all over the world to improve their IIot/IoT /Embedded cybersecurity posture and digital privacy.

European Union Agency for Network and Information Security (ENISA)

European Union Agency for Network and Information Security (ENISA)

The European Union Agency for Cybersecurity, ENISA, is the Union’s agency dedicated to achieving a high common level of cybersecurity across Europe.

VP Techno Labs

VP Techno Labs

VP Techno Labs is an award-winning cybersecurity firm focusing only cybersecurity to develop cutting edge solutions for emerging business.

Anch.AI

Anch.AI

Anch.AI is an Ethical AI Governance platform that helps you comply with EU regulations and avoid risks and penalties when developing and using AI as part of your business.

Internet Initiative Japan (IIJ)

Internet Initiative Japan (IIJ)

IIJ is one of Japan's leading Internet-access and comprehensive network solutions providers.

Lightpoint Global

Lightpoint Global

Lightpoint Global is a bespoke software development company. We also provide a spectrum of services such as IT consulting, business analysis, QA and testing, and DevOps services.