How to Protect your Supply Chain from Disruptive Cyber Attacks Part 2: How Specialization is Affecting Cyber Security

Cybersecurity attacks on the supply chain have increased significantly in recent years, and it's become more crucial than ever for private companies to protect their supply chain from this growing threat.

Part 1: How Globalization is Affecting Cybersecurity covered how the cyber-related risks of an organization are directly affected as industries become more globalized. Now in part two, let's look at how increased specialization in manufacturing processes inevitably leads to the onboarding of more partners and, additionally, higher risks.

For many manufacturing organizations, dividing the production process into smaller tasks performed by a larger number of specialized partners increases productivity. This subdivision of labor means that organizations are working with an ever-growing number of partners or third parties who are each responsible for a small portion of the end product.

However, working with more partners makes managing your supply chain more complicated. As more and more third parties participate in complex supply chains, the potential attack surface for bad actors grows wider. The target becomes more accessible and its vulnerabilities less challenging to exploit: a soft target. For example, in March 2020, hackers penetrated the US government's internal communications after its third-party software company, SolarWinds, ran a compromised update. The situation could have been prevented or mitigated with some simple measures.

First, to mitigate the risks that come with using multiple partners, your organization should account for any additional shareholders and build your workflow to include them. In addition, review your current partners' connectivity with your systems and evaluate what data is shared. If one of your suppliers has a cybersecurity breach, you need to ensure that even if the supplier's systems are compromised, your data will remain secure and accessible.

You want your organization to be resilient in the likely event of a cyberattack; it's "when", not just "if". It is crucial that you put processes in place to protect the data and systems that partners access on your platforms. A proactive way to ensure this is to require new suppliers to provide a framework of their cybersecurity measures during onboarding to verify that they are operating securely and safeguarding their data.

Similar to the recommendations in Part 1, making cybersecurity requirements part of your third-party supplier contracts is pivotal. Requirements could include having your suppliers provide attestation of, or demonstrate compliance with, well-known cybersecurity frameworks, such as ISO 27001, NIST CSF and SP 800-53, SSAE, and others. This will go a long way toward safeguarding your organization from a disruptive attack.




BSI enables people and organizations to perform better. We share knowledge, innovation and best practice to make excellence a habit – all over the world, every day.
