Securing The Supply Chain

In the modern business ecosystem, supply chains have become increasingly complex and connected, especially from a digital standpoint. This presents fresh opportunities for cybercriminals and malicious actors to access business networks and wreak havoc. 

In the past, it was enough to simply secure your own operations, train your own teams and adopt your own technologies to protect your security posture. Today, it is more complicated.

Software supply chain attacks are becoming increasingly common, with Gartner predicting that 45% of global organisations will experience one by 2025 - three times higher than in 2021. This makes safeguarding supply chains more important than ever.

Would-be cyber attackers are probing all parts of the supply chain to find a weak opening. Businesses should not assume that their partners have robust cybersecurity strategies in place. They must be responsible for ensuring that any weak links in the chain are mitigated and that they are able to protect themselves and their customers. 

The Supply Chain Is Under Attack

Many businesses operating today depend heavily on a vast network of suppliers to plan, create, and deliver products and services. Despite this, relatively few are taking steps to formally review the risks posed by these suppliers. In fact, this year the government’s annual ‘Cyber security breaches survey’ discovered that only one in ten (11%) businesses are looking at the risks posed by their immediate suppliers and the proportion of those assessing their wider supply chains is half that number (6%). Against this backdrop, supply chain operations have become prime target for cyber criminals. 

Warding off the risk of threats in your supply chain, however indirect the link may seem, is a crucial part of protecting your direct business.

If you are operating within a supply chain, you will often have security requirements imposed by your customers or third parties through Service-Level Agreements (SLAs). It is important to have similar conditions and default standard security clauses included in all contracts with your own contracted suppliers. Having a strategy in place, such as Zero Trust, in case the worst case scenario plays out is also essential.

Considering A Zero Trust approach

One best practice when it comes to bolstering supply chain security is to embrace a “zero trust” architecture. This removes the element of automatic trust in device and employee security.  

Zero Trust Network Access (ZTNA) works by granting access to networks based on the identity of the user and their context (e.g. which applications are being accessed). Users are first classified based on their business roles and the levels of access they require. Next, the context of the request is assessed – like where the user is connecting from, through what device, and whether the device is secure. 

ZTNA operates on the concept of “never trust, always verify” which means the user access session is continuously verified. In other words, if an attacker accesses a weak point in the supply chain, they won’t be able to get any further into the network. Adopting this framework will enable organisations to prioritise traffic and securely access Software-as-a-Service (SaaS) and cloud applications across the supply chain. It enables IT teams to boost resilience against third-party security risks in the supply chain, without giving up the operational benefits of vendor or supplier relationships.

One of the biggest challenges for organisations looking to adopt a Zero Trust model is a lack of understanding about the framework and how to correctly implement it. According to Gartner, 60% of organisations will embrace Zero Trust as a starting point for security by 2025, but more than half will fail to realise the benefits. Therefore, it is critical for businesses to invest time in educating their teams and customers about the implementation of Zero Trust, whether this is through internal training or working with an experienced partner who can offer tailored solutions. 

In our connected world, businesses should look beyond their walls when it comes to security. Whilst protecting the technology that runs the supply chain is undoubtedly challenging, a Zero Trust framework, strong relationships and SLAs with your providers, alongside the right level of training and upskilling for your team members, can enable businesses to stay one step ahead and ensure that any potential gaps in the supply chain can be mitigated quickly and efficiently. 

Tom Major is SVP Product Management at GTT

Image: Aakash Dhage

You Might Also Read: 

Problems With Underperforming Cyber Security Service Providers:

___________________________________________________________________________________________

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« The Cybersecurity Risks Of Generative AI
Fake News & Disinformation In Poland   »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Biscom

Biscom

Biscom offers solutions for secure file transfer, synchronization, file translation, and mobile devices, designed to deliver mission-critical reliability, streamline workflows and reduce costs.

Evok

Evok

EVOK is an IT Service provider specialized in installing, maintaining and supporting IT infrastructures for SMB's in Switzerland.

Luxembourg Institute of Science & Technology (LIST)

Luxembourg Institute of Science & Technology (LIST)

LIST is a mission-driven Research and Technology Organisation. Areas of research include IT and aspects of IT security.

DFLabs

DFLabs

DFlabs is a pioneer in Security Automation & Orchestration technology, leveraging your existing security products to dramatically reduce the response and remediation gap.

Vaulto Technologies

Vaulto Technologies

Vaulto protects critical business processes that are conducted via the cellular network.

Assystem

Assystem

Assystem delivers a comprehensive security approach for the industrial and service sectors that integrates physical security systems, industrial cyber-security, functional safety and dependability.

Cybertonica

Cybertonica

Cybertonica is a FinTech company which detects and prevents fraudulent transactions and reduces risk for financial services organisations.

e-End

e-End

e-End provides hard drive shredding, degaussing and data destruction solutions validated by the highest electronic certifcations to keep you compliant with GLB, SOX, FACTA, FISMA, HIPAA, COPPA, ITAR.

Nubeva Technologies

Nubeva Technologies

Nubeva provide a breakthrough TLS Decrypt solution with Symmetric Key Intercept to gain the visibility needed to monitor and secure network traffic.

Kratos Defense & Security Solutions

Kratos Defense & Security Solutions

The Kratos Space, Training, and Cybersecurity division addresses key cybersecurity challenges, including cloud security, continuous monitoring, IT security, and risk management.

ISMAC

ISMAC

ISMAC was founded to create a security solution that would work for smaller to medium as well as bigger corporations at an affordable price.

Content+Cloud

Content+Cloud

Content+Cloud is a leading technology services business and Managed Services Provider (MSP) with a genuine passion for helping your organisation to succeed, whatever your ambitions.

MS Tech Solutions

MS Tech Solutions

MS Tech Solutions is a Jamaican-based, multinational consulting company that specializes in the architecture, implementation and management of key network and Information technologies.

Ampcus Cyber

Ampcus Cyber

Ampcus Cyber specialize in providing comprehensive security solutions and services that are tailored to safeguard our clients' networks, infrastructure, and valuable assets.

vpnMentor

vpnMentor

We started vpnMentor to offer users a really honest, committed and helpful tool when navigating VPNs and web privacy.

Arculus Cyber Security

Arculus Cyber Security

Arculus Cyber Security enables customers to securely realise the benefits of digital transformation through pragmatic solutions, guidance and services.