Securing The Supply Chain

Uploaded on 2024-06-07 in TECHNOLOGY--Resilience, FREE TO VIEW

In the modern business ecosystem, supply chains have become increasingly complex and connected, especially from a digital standpoint. This presents fresh opportunities for cybercriminals and malicious actors to access business networks and wreak havoc. 

In the past, it was enough to simply secure your own operations, train your own teams and adopt your own technologies to protect your security posture. Today, it is more complicated.

Software supply chain attacks are becoming increasingly common, with Gartner predicting that 45% of global organisations will experience one by 2025 - three times higher than in 2021. This makes safeguarding supply chains more important than ever.

Would-be cyber attackers are probing all parts of the supply chain to find a weak opening. Businesses should not assume that their partners have robust cybersecurity strategies in place. They must be responsible for ensuring that any weak links in the chain are mitigated and that they are able to protect themselves and their customers. 

The Supply Chain Is Under Attack

Many businesses operating today depend heavily on a vast network of suppliers to plan, create, and deliver products and services. Despite this, relatively few are taking steps to formally review the risks posed by these suppliers. In fact, this year the government’s annual ‘Cyber security breaches survey’ discovered that only one in ten (11%) businesses are looking at the risks posed by their immediate suppliers and the proportion of those assessing their wider supply chains is half that number (6%). Against this backdrop, supply chain operations have become prime target for cyber criminals. 

Warding off the risk of threats in your supply chain, however indirect the link may seem, is a crucial part of protecting your direct business.

If you are operating within a supply chain, you will often have security requirements imposed by your customers or third parties through Service-Level Agreements (SLAs). It is important to have similar conditions and default standard security clauses included in all contracts with your own contracted suppliers. Having a strategy in place, such as Zero Trust, in case the worst case scenario plays out is also essential.

Considering A Zero Trust approach

One best practice when it comes to bolstering supply chain security is to embrace a “zero trust” architecture. This removes the element of automatic trust in device and employee security.  

Zero Trust Network Access (ZTNA) works by granting access to networks based on the identity of the user and their context (e.g. which applications are being accessed). Users are first classified based on their business roles and the levels of access they require. Next, the context of the request is assessed – like where the user is connecting from, through what device, and whether the device is secure. 

ZTNA operates on the concept of “never trust, always verify” which means the user access session is continuously verified. In other words, if an attacker accesses a weak point in the supply chain, they won’t be able to get any further into the network. Adopting this framework will enable organisations to prioritise traffic and securely access Software-as-a-Service (SaaS) and cloud applications across the supply chain. It enables IT teams to boost resilience against third-party security risks in the supply chain, without giving up the operational benefits of vendor or supplier relationships.

One of the biggest challenges for organisations looking to adopt a Zero Trust model is a lack of understanding about the framework and how to correctly implement it. According to Gartner, 60% of organisations will embrace Zero Trust as a starting point for security by 2025, but more than half will fail to realise the benefits. Therefore, it is critical for businesses to invest time in educating their teams and customers about the implementation of Zero Trust, whether this is through internal training or working with an experienced partner who can offer tailored solutions. 

In our connected world, businesses should look beyond their walls when it comes to security. Whilst protecting the technology that runs the supply chain is undoubtedly challenging, a Zero Trust framework, strong relationships and SLAs with your providers, alongside the right level of training and upskilling for your team members, can enable businesses to stay one step ahead and ensure that any potential gaps in the supply chain can be mitigated quickly and efficiently. 

Tom Major is SVP Product Management at GTT

Image: Aakash Dhage

You Might Also Read: 

Problems With Underperforming Cyber Security Service Providers:

___________________________________________________________________________________________

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« The Cybersecurity Risks Of Generative AI
Fake News & Disinformation In Poland   »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

National Trading Standards eCrime Team (NTSeCT) - United Kingdom

National Trading Standards eCrime Team (NTSeCT) - United Kingdom

The National Trading Standards eCrime Team tackles online consumer scams, rip-offs and fraud, as well as those committed by text or email.

Rambus Security Division

Rambus Security Division

Rambus Security Division solutions span areas including tamper resistance, content protection, network security, mobile payment, smart ticketing, and trusted provisioning services.

CyberScout

CyberScout

Cyberscout delivers the latest cybersecurity education, protection and resolutions services. We also provide swift incident response services around the world.

sic[!]sec

sic[!]sec

sic[!]sec provide products and services for web application security.

Oxford BioChronometrics

Oxford BioChronometrics

By building profiles based on electronically Defined Natural Attributes, or e-DNA, Oxford BioChronometrics protects digital networks, communities, individuals and other online assets from fraud.

Sikur

Sikur

Sikur have developed a communication platform that sets new boundaries for corporate privacy and security.

Me Learning

Me Learning

Me Learning provides engaging, informative and clearly explained learning materials for complex and challenging professional environments in areas including GDPR and Information Governance.

Cyber Security Raad (CSR) - Netherlands

Cyber Security Raad (CSR) - Netherlands

The Cyber Security Council (CSR) is a national, independent advisory body of the Dutch government undertaking efforts at strategic level to bolster cyber security in the Netherlands.

Institute of Informatics and Telematics (IIT)

Institute of Informatics and Telematics (IIT)

IIT carries out activities of research, assessment, technology transfer and training in the field of Information and Communication Technologies and of Computational Sciences.

NetApp Excellerator

NetApp Excellerator

NetApp Excellerator is NetApp’s global start-up program that aims to fuel innovation by partnering with deep-tech start-ups.

ConnectWise

ConnectWise

The Unified ConnectWise Platform offers intelligent software and expert services to easily run your business, deliver your services, secure your clients, and build your staff.

Immuta

Immuta

Immuta empowers data engineering and operations teams to automate data governance, security, access control & privacy protection.

The PenTesting Company

The PenTesting Company

The PenTesting Company is owned and operated by offensive security professionals. Penetration Testing is essentially all we do.

Fairdinkum Consulting

Fairdinkum Consulting

Fairdinkum is a leading full-service IT consulting firm with more than two decades of experience in the industry.

Axians

Axians

Axians supports its customers in their digital transformation journey. We offer ICT solutions and services in areas including Enterprise Networks and Cybersecurity.

Vulnify

Vulnify

At Vulnify, we’re revolutionizing the way businesses identify and manage security vulnerabilities.