Securing The Supply Chain

In the modern business ecosystem, supply chains have become increasingly complex and connected, especially from a digital standpoint. This presents fresh opportunities for cybercriminals and malicious actors to access business networks and wreak havoc. 

In the past, it was enough to simply secure your own operations, train your own teams and adopt your own technologies to protect your security posture. Today, it is more complicated.

Software supply chain attacks are becoming increasingly common, with Gartner predicting that 45% of global organisations will experience one by 2025 - three times higher than in 2021. This makes safeguarding supply chains more important than ever.

Would-be cyber attackers are probing all parts of the supply chain to find a weak opening. Businesses should not assume that their partners have robust cybersecurity strategies in place. They must be responsible for ensuring that any weak links in the chain are mitigated and that they are able to protect themselves and their customers. 

The Supply Chain Is Under Attack

Many businesses operating today depend heavily on a vast network of suppliers to plan, create, and deliver products and services. Despite this, relatively few are taking steps to formally review the risks posed by these suppliers. In fact, this year the government’s annual ‘Cyber security breaches survey’ discovered that only one in ten (11%) businesses are looking at the risks posed by their immediate suppliers and the proportion of those assessing their wider supply chains is half that number (6%). Against this backdrop, supply chain operations have become a prime target for cyber criminals.

Warding off the risk of threats in your supply chain, however indirect the link may seem, is a crucial part of protecting your direct business.

If you are operating within a supply chain, you will often have security requirements imposed by your customers or third parties through Service-Level Agreements (SLAs). It is important to have similar conditions and default standard security clauses included in all contracts with your own contracted suppliers. Having a strategy in place, such as Zero Trust, in case the worst-case scenario plays out is also essential.

Considering A Zero Trust Approach

One best practice when it comes to bolstering supply chain security is to embrace a “zero trust” architecture. This removes the element of automatic trust in device and employee security.  

Zero Trust Network Access (ZTNA) works by granting access to networks based on the identity of the user and their context (e.g. which applications are being accessed). Users are first classified based on their business roles and the levels of access they require. Next, the context of the request is assessed – like where the user is connecting from, through what device, and whether the device is secure. 

ZTNA operates on the concept of “never trust, always verify”, which means the user access session is continuously verified. In other words, if an attacker accesses a weak point in the supply chain, they won’t be able to get any further into the network. Adopting this framework will enable organisations to prioritise traffic and securely access Software-as-a-Service (SaaS) and cloud applications across the supply chain. It enables IT teams to boost resilience against third-party security risks in the supply chain, without giving up the operational benefits of vendor or supplier relationships.
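
An added illustration of the access decision described above (not code from the article or from any ZTNA product): a default-deny check on role, location and device posture that is repeated on every request in a session. The role names, applications, countries and posture attributes are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed policy: business role -> applications that role may reach.
ROLE_APPS = {
    "supplier-logistics": {"shipping-portal"},
    "employee-finance": {"erp", "shipping-portal"},
}
ALLOWED_COUNTRIES = {"GB", "DE"}  # constructed location policy


@dataclass(frozen=True)
class Context:
    country: str          # where the user is connecting from
    device_managed: bool  # which device is in use
    disk_encrypted: bool  # whether the device is secure


def decide(role, app, ctx):
    """Return (allowed, reason) for a single request; anything not granted is denied."""
    if app not in ROLE_APPS.get(role, set()):
        return False, "role not entitled to application"
    if ctx.country not in ALLOWED_COUNTRIES:
        return False, "location outside policy"
    if not (ctx.device_managed and ctx.disk_encrypted):
        return False, "device posture failed"
    return True, "ok"


class Session:
    """Access session that is re-verified on every request, not only at login."""

    def __init__(self, user, role):
        self.user, self.role = user, role
        self.audit = []  # (user, app, allowed, reason) for later review

    def request(self, app, ctx):
        allowed, reason = decide(self.role, app, ctx)
        self.audit.append((self.user, app, allowed, reason))
        return allowed


def demo():
    healthy = Context("GB", True, True)
    s = Session("supplier-user-01", "supplier-logistics")  # constructed account
    results = [
        s.request("shipping-portal", healthy),  # entitled app, healthy device
        s.request("erp", healthy),              # supplier account reaching further in
        s.request("shipping-portal", Context("GB", True, False)),  # posture changed mid-session
    ]
    return results, [reason for (_, _, _, reason) in s.audit]
```

The second and third requests are refused even though the session was already established, and the audit list records why.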

One of the biggest challenges for organisations looking to adopt a Zero Trust model is a lack of understanding about the framework and how to correctly implement it. According to Gartner, 60% of organisations will embrace Zero Trust as a starting point for security by 2025, but more than half will fail to realise the benefits. Therefore, it is critical for businesses to invest time in educating their teams and customers about the implementation of Zero Trust, whether this is through internal training or working with an experienced partner who can offer tailored solutions. 

In our connected world, businesses should look beyond their walls when it comes to security. Whilst protecting the technology that runs the supply chain is undoubtedly challenging, a Zero Trust framework, strong relationships and SLAs with your providers, alongside the right level of training and upskilling for your team members, can enable businesses to stay one step ahead and ensure that any potential gaps in the supply chain can be mitigated quickly and efficiently. 

Tom Major is SVP Product Management at GTT

Image: Aakash Dhage
