Supply Chain Cybersecurity: Proactive Threat Prevention
CIOReview

Mark Jones, Chief Information Security Officer, Transportation Insight Holding Company

With disruptions continuing to plague the supply chain, business leaders cannot afford additional disruptions as the result of a cybersecurity attack. Now is the time to get ahead of potential security threats by embracing processes and solutions that can proactively prevent them. This means ensuring policies, processes, and technology controls are in place to protect the vulnerable companies that make up the supply chain.

Consider this: there was a 42% increase in attacks on the supply chain in Q1 2021. Yet, 77% of companies do not have a cybersecurity program applied consistently across their organization. Given this, it’s not surprising that 95% of C-level executives think more about securing the supply chain now than they did just two years ago.

The best way organizations can work towards securing the supply chain against cyber threats is to implement a formal cybersecurity program.

Understand Common Cybersecurity Risks

An important step towards improving security posture is to create and implement a formal cybersecurity program based on an industry standard, such as NIST or ISO 27001. Part of this strategy is for companies to implement security awareness training to ensure that all employees understand the security threats they will most likely encounter:

• Malware: Malicious software designed to exploit networks or devices to steal sensitive data. Ransomware is the most common malware currently disrupting businesses. Approximately 37% of global organizations were the victim of ransomware attacks in 2021. Ransomware attacks can severely and negatively impact the supply chain. Employees should be aware that ransomware can spread via links in email and social media or through compromised links on websites.

• Phishing: Fraudulent communications, typically emails, designed to extract sensitive and personal information. These attacks are meant to trick recipients by appearing to come from a trusted source. In 2020, 6.95M new phishing and scam pages were created, and in 2021, email security was ranked as the top IT security project for organizations. To help prevent phishing, companies can invest in email protection software that warns team members of suspect emails, as well as multi-factor authentication and security awareness training.

Prepare Today to Protect Tomorrow

In addition to arming employees with the right information, there are additional processes companies can follow to lessen the chances of a supply chain cyberattack.

• Vet third-party vendors: Review vendor and partner security programs to ensure their standards adequately protect sensitive shared data. This is especially important within the supply chain, as organizations often have a long list of partners they coordinate with – from sourcing to production to delivery – exposing them to more potential threats. Make sure security language is also included in every vendor contract, which must be adhered to by all parties.

• Impose routine audits: Invest in cybersecurity solutions to fix vulnerabilities, and perform ongoing checks by testing your controls and response efforts every quarter, or at least annually, to reassess the strength of security efforts.

The supply chain will continue to evolve and become increasingly digital. Unfortunately, this also broadens the threat landscape, providing more opportunities for cybersecurity threats. With supply chain operational efficiency and business profitability on the line, companies must proactively implement cybersecurity measures into business operations to reduce risks to the supply chain.
