Wednesday, July 13, 2016

Steps companies should take to secure their supply chains against cyber attacks/data breaches


It is a fact that as technology becomes more and more advanced, the cyber crime world is not falling behind. In some cases it is even a few steps ahead. The whole world now functions in the virtual world, and businesses cannot survive if they don’t follow the ever-evolving virtual environment.

However, as much as technology has brought advancement to businesses worldwide, it also brings a tremendous amount of risk that, if not handled in the right manner, can create big problems for a company.

Every company has essential parts of its overall system that it has to keep fully safe and protected. The most important of all is the privacy of its customers. Without investing heavily in the protection of its clients’ privacy, a company will soon experience a drop in the number of clients, since nowadays everyone is looking to engage with an organization that is perfectly secure and that takes care of its private information and, of course, of its clients as well.

Now, once you have secured your lines with clients, you also have to secure your lines with partners and suppliers.

The supply chain is also a very important and essential part of an organization. Due to the increased level of data breaches and intrusions into computer systems, the supply chain stands at high risk. Why? Attackers are getting better and more advanced every day. The supply chain, which contains highly sensitive information and data that is very important to companies, represents a very interesting point of attack for hackers.

To manage these risks, companies have to invest in securing their supply chain. There are many ways in which an organization’s supply chain can experience a data breach. One of the most common is an attacker gaining access to a vendor’s credentials, which leads to the whole community the vendor works with. Nowadays, securing your network doesn’t cost much at all, but losing all your data will cost you a lot more.



Figure 1: Typical supply chain breach (Source: SANS Institute InfoSec Reading Room)


If we look at past events, we will notice that high-profile supply chain breaches are quite common. One of the best-known happened to the worldwide known retailer Target, which experienced this kind of attack and data breach in 2013, where 110 million customers felt the damage. The problem here is that the attackers found a vulnerability in one of its vendors, the HVAC vendor Fazio Mechanical Services, stole its network credentials, and with them found their way to Target, which led to massive damage not only to the company itself but to its customers as well.

Home Depot experienced the same kind of attack, and in 2015 the U.S. Office of Personnel Management (OPM) was hit with a massive data leak of 22 million records containing highly sensitive information.

Experiencing this kind of attack can lead to a very fast drop in the company’s stock price; customer trust will drop significantly, and in some cases the business can even face financial penalties, legal costs, and overall hits to its reputation.

How to secure your supply chain?

There are many compliance frameworks that directly address the issue of vendor management and third-party risk management, such as those from the Federal Deposit Insurance Corporation (FDIC) and the Payment Card Industry Data Security Standard (PCI DSS).

As a business that is part of a supply chain, you have to stay aware of these compliance frameworks and others as well, but most importantly you should take action on your side: secure all your data and develop risk policies that will be shared among vendors. It is important that a supply chain manager understands the importance of securing the supply chain and takes all the needed steps to mitigate the risk.

It is very important to note that in most cases, such as the ones mentioned above (Target and Home Depot), the breach occurred through third-party channels, where the attacker obtained credentials from a supplier and managed to access the enterprise network.

So, what to do?

Internally, the company must monitor all its activities and domains by setting up standards and methodologies that ensure that no security gap exists. When it comes to external partners, companies should establish effective vendor management and risk assessment in order to have a more proactive cyber security approach.

A company should list and analyze all its supply chain partners in order to identify their cyber security capabilities. The best practice a company can apply is to develop cyber security protocols for all potential new vendors.

Even though this sounds like common sense, according to a 2014 cyber crime survey by the consulting firm PricewaterhouseCoopers, sadly only 44 percent of firms apply some kind of evaluation process to their third parties.

Conclusion

There must be a standard level of security across the supply chain. Companies should develop cyber security protocols for all potential new vendors and afterwards monitor and audit every vendor in their network.

The one most important thing is that companies should invest in cyber security spending in order to secure their network internally and externally.

The best possible way would be to integrate security software that can monitor all devices connected to a main network, so that potential risk can be immediately detected and removed. To get the best possible protection for a very reasonable price and without any hassle, I would advise proceeding with Zemana SafeOnline, which makes sure that all devices connected to your network, whether internally or externally, are protected with real-time protection, advanced security methods, encryption methods, etc.

You can find out more here, but until then make sure you stay safe!



References:

https://www.sans.org/reading-room/whitepapers/analyst/combatting-cyber-risks-supply-chain-36252
http://www.supplychainquarterly.com/topics/Technology/20150622-is-your-supply-chain-safe-from-cyberattacks/
http://news.verizonenterprise.com/2015/05/transportation-logistics-security-data-breach/





3 comments:

  1. Yes, I agree with you. Companies should take some steps to secure their data. Nowadays the chance of a cyber attack is increasing. Data can be lost at any time. So without any hesitation we need to secure our data.
