Supply Chain Safety
Keeping your business and customers safe
Knowing who is in your supply chain is vital, because not knowing makes it impossible to assess and manage the security risks.
A supply chain is a network between a company and its suppliers to produce and distribute products; the supply chain represents the steps undertaken to produce and provide the product or service to the customer.
In cyber-security, a supply chain attack can involve tampering with electronics (computers, ATMs, power systems, factory data networks, etc.) in order, for example, to install malware and cause actual or reputational harm to an entity further down the supply chain network.
A growing number of cyber-attacks exploit security weaknesses in supply chains, which are an attractive target for cyber-criminals. A weak link in a chain can provide valuable access to a network of organisations and their data.
It can be argued that most organisations find it hard to know where to start, but the best place for businesses to begin is with themselves, before looking to extend those good practices into the supply chain.
Writing for SC Magazine online, technology strategist Zeki Turedi stresses that it’s critical for businesses to understand how third-party software is used by their organisation and by their partners, whether in the public or private sector.
He offers the following advice about protecting supply chain software:
IT Hygiene: Apply a ‘hygiene first’ approach to your security architecture, so you can address any blind spots. A lack of IT hygiene is a strong predictor of cyber-intrusions and gives attackers the chance to leverage any rogue applications and gain access to your systems.
Chains are only as strong as their weakest link: Consider where your systems might be vulnerable. Having an unprotected system is the same as leaving your back door open to burglars; it gives an attacker easy access to any unguarded possessions or data. Businesses need to identify and assess any weak spots in order to apply the right solution.
Look at who already has access to your networks and what they have access to: Being fully aware of what information third-party vendors may have about you, and vice versa, is imperative. Attackers who are already able to access your systems can silently infiltrate your networks and grant themselves further access to administrative privileges. Assessing who has access to your network will further help identify where the weak links are, and gives you an advantage in detecting and preventing further attacks.
Knowing what applications are already running on your system: Users tend to forget to fully close down or update their applications, creating vulnerabilities in a system's architecture that can be easily leveraged by attackers. Find any open applications and operating systems that may leave your company open to an attack, and remember to keep these regularly updated to protect yourself.
Getting the full picture of your environment: Organisations should be able to identify who their customers, suppliers, partners or third-party entities are, as well as how they use and interact with company data. Having strict requirements in place that limit and control access to your data is imperative. Setting up access points for different suppliers depending on your relationship will create blocks for attackers trying to infiltrate your infrastructure.
- Supplier Assurance: Amethyst review and risk-assess the business supply chain in order to identify and minimise business risk. For further information on how we could help your business, contact firstname.lastname@example.org