05 December 2018

Keeping cyber-attackers out of your supply chain

Keeping cyber-attackers out of your supply chain

Globalisation, new technologies and digital business models are transforming the supply chain. Many businesses rely on organisations and individuals in different regions or countries to own the processes, materials or expertise used to provide a product or service.

However, malicious individuals or groups are increasingly aware that any supply chain is only as strong as its weakest link. If just one participant in a supply chain is lax about security, all businesses and individuals involved may be at risk.

Malicious parties may exploit weaknesses to steal valuable intellectual property, disrupt the creation or delivery of products and services, or threaten businesses or individuals for financial gain.

The United States National Institute of Standards and Technology (NIST) highlighted the importance of a cyber-secure supply chain in its Cybersecurity Framework. The latest version of the Framework – which provides voluntary guidance for organisations to better manage and reduce cyber-security risks – incorporates additional descriptions about how to manage supply chain cybersecurity.

Furthermore, a recent KPMG report points out “organisations that understand and manage the breadth of their interconnected supply chains and their points of vulnerability and weaknesses are better placed to prevent and manage issues.”

So what measures businesses can take to reduce cyber-security risks to their supply chains? Here are some steps that business owners and managers may consider taking:

  • Provide security expertise and resources to all participants in their supply chain.
  • Review participants’ processes for addressing technology vulnerabilities that attackers may exploit.
  • Check participants’ processes and technologies for dealing with infections by malicious software (malware).
  • Determine whether background checks are conducted on all workers involved in the business’s supply chain.
  • Review processes used to ensure all components used in the supply chain are legitimate and free of malware or vulnerabilities.

By implementing these and other measures through a comprehensive supply chain cyber security plan – that is itself part of an integrated approach to cyber security and physical security – businesses can minimise the risk of infiltration and compromise by attackers. If you would like to learn more, please contact us at info@firstwave.com.au.