Securing The Supply Chain

Uploaded on 2024-06-07 in TECHNOLOGY--Resilience, FREE TO VIEW

In the modern business ecosystem, supply chains have become increasingly complex and connected, especially from a digital standpoint. This presents fresh opportunities for cybercriminals and malicious actors to access business networks and wreak havoc. 

In the past, it was enough to simply secure your own operations, train your own teams and adopt your own technologies to protect your security posture. Today, it is more complicated.

Software supply chain attacks are becoming increasingly common, with Gartner predicting that 45% of global organisations will experience one by 2025 - three times higher than in 2021. This makes safeguarding supply chains more important than ever.

Would-be cyber attackers are probing all parts of the supply chain to find a weak opening. Businesses should not assume that their partners have robust cybersecurity strategies in place. They must be responsible for ensuring that any weak links in the chain are mitigated and that they are able to protect themselves and their customers. 

The Supply Chain Is Under Attack

Many businesses operating today depend heavily on a vast network of suppliers to plan, create, and deliver products and services. Despite this, relatively few are taking steps to formally review the risks posed by these suppliers. In fact, this year the government’s annual ‘Cyber security breaches survey’ discovered that only one in ten (11%) businesses are looking at the risks posed by their immediate suppliers and the proportion of those assessing their wider supply chains is half that number (6%). Against this backdrop, supply chain operations have become prime target for cyber criminals. 

Warding off the risk of threats in your supply chain, however indirect the link may seem, is a crucial part of protecting your direct business.

If you are operating within a supply chain, you will often have security requirements imposed by your customers or third parties through Service-Level Agreements (SLAs). It is important to have similar conditions and default standard security clauses included in all contracts with your own contracted suppliers. Having a strategy in place, such as Zero Trust, in case the worst case scenario plays out is also essential.

Considering A Zero Trust approach

One best practice when it comes to bolstering supply chain security is to embrace a “zero trust” architecture. This removes the element of automatic trust in device and employee security.  

Zero Trust Network Access (ZTNA) works by granting access to networks based on the identity of the user and their context (e.g. which applications are being accessed). Users are first classified based on their business roles and the levels of access they require. Next, the context of the request is assessed – like where the user is connecting from, through what device, and whether the device is secure. 

ZTNA operates on the concept of “never trust, always verify” which means the user access session is continuously verified. In other words, if an attacker accesses a weak point in the supply chain, they won’t be able to get any further into the network. Adopting this framework will enable organisations to prioritise traffic and securely access Software-as-a-Service (SaaS) and cloud applications across the supply chain. It enables IT teams to boost resilience against third-party security risks in the supply chain, without giving up the operational benefits of vendor or supplier relationships.

One of the biggest challenges for organisations looking to adopt a Zero Trust model is a lack of understanding about the framework and how to correctly implement it. According to Gartner, 60% of organisations will embrace Zero Trust as a starting point for security by 2025, but more than half will fail to realise the benefits. Therefore, it is critical for businesses to invest time in educating their teams and customers about the implementation of Zero Trust, whether this is through internal training or working with an experienced partner who can offer tailored solutions. 

In our connected world, businesses should look beyond their walls when it comes to security. Whilst protecting the technology that runs the supply chain is undoubtedly challenging, a Zero Trust framework, strong relationships and SLAs with your providers, alongside the right level of training and upskilling for your team members, can enable businesses to stay one step ahead and ensure that any potential gaps in the supply chain can be mitigated quickly and efficiently. 

Tom Major is SVP Product Management at GTT

Image: Aakash Dhage

You Might Also Read: 

Problems With Underperforming Cyber Security Service Providers:

___________________________________________________________________________________________

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« The Cybersecurity Risks Of Generative AI
Fake News & Disinformation In Poland   »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

ISACA Conferences

ISACA Conferences

ISACA is dedicated to offering the most dynamic and inclusive conferences to keep you abreast of the latest advances in IT and Information Security.

NESEC

NESEC

NESEC is a specialist in information security consulting services and solutions.

ERNW

ERNW

ERNW is an independent IT Security service provider with a focus on consulting and testing in all areas of IT security.

Renesas Electronics

Renesas Electronics

Renesas Electronics delivers trusted embedded design innovation with solutions that enable billions of connected, intelligent devices to enhance the way people work and live - securely and safely.

SmartContractAudits.com

SmartContractAudits.com

SmartContractAudits.com is the leading platform for finding companies providing smart contract auditing services.

Texas A&M Cybersecurity Center

Texas A&M Cybersecurity Center

Texas A&M Cybersecurity Center is dedicated to combating adversaries who desire to harm our citizens, our government, and our industry through cyber-attacks.

Sevatec

Sevatec

Sevatec’s Active Cyber Defense (ACD) methodology proactively defends against adversarial kills chain, addressing active and emerging threats while reducing program vulnerabilities and risks.

Critical Start

Critical Start

Critical Start provides Managed Detection and Response services, endpoint security, threat intelligence, penetration testing, risk assessments, and incident response.

CyberSafe

CyberSafe

CyberSafe is a Portuguese company with a focus on cybersecurity solutions and services including network security, managed security, incident response and forensic analysis.

Cloud Range

Cloud Range

Cloud Range provides cybersecurity teams with access to the world's leading cyber range platform, eliminating the need to invest in costly cyber range infrastructure.

Spinnaker Support

Spinnaker Support

Spinnaker Support is a premier global provider of on-premise and cloud-based enterprise software support services.

ISSQUARED

ISSQUARED

ISSQUARED is a leading provider of Cyber Security, Cloud, Infrastructure, Consulting and Digital Transformation services.

Blackpanda

Blackpanda

Blackpanda is Asia’s premier cyber security incident response group, hyper-focused on digital forensics and cyber crisis response.

Mercury Systems

Mercury Systems

Mercury Systems is the leader in making trusted, secure mission-critical technologies profoundly more accessible to aerospace and defense.

Eclypses

Eclypses

Eclypses has a disrupting cyber technology, offering organizations an advanced data security solution called MicroToken Exchange (MTE).

SFY Information Technology

SFY Information Technology

SFY helps companies with Cyber Security and Managed IT, allowing them to focus on what really matters to them.