Topics In Demand
Notification
New

No notification found.

How to Protect your Supply Chain from Disruptive Cyber Attacks Part 3: How Digital Transformation is Affecting Cybersecurity
How to Protect your Supply Chain from Disruptive Cyber Attacks Part 3: How Digital Transformation is Affecting Cybersecurity

223

0

Digital transformation and automation remain vital trends both in business and in society. However, the relationship between organizations and third-party suppliers gets little attention, despite being critical in today's digital environment.

In Part 1: How Globalization is Affecting Cybersecurity of this series, we covered how the cyber-related risks of an organization are directly affected as industries become more globalized. Part 2: How Specialization is Affecting Cyber Security addressed how organizations' increased specialization in manufacturing processes inevitably means more partners and, potentially, higher risks. Here in Part 3, we'll look at how digital transformation and automation of processes represent a significant new threat to your supply chain. 

New, automated technologies based on remote monitoring and inventory control, product tracking, and scheduling processes now make up a large part of digital supply chains. These specific functions bring customers and suppliers into an organization's digital networks and platforms, meaning extra layers of security are necessary. Unfortunately, the security of such interconnected systems can be complex, generally unvetted, and often not seen as a critical priority for leadership teams. 

Other risks relating to digital transformation include the theft of proprietary information and sensitive data. These comprise sensitive programming parameters, design files, and production information. Losing control of this data could result in releasing confidential company information, potentially detrimental to your bottom line and reputation. 

As organizations continue to embrace advanced automation and digital technologies within their Supply Chain, their data can be better protected by following these guidelines: 
 

  • Organizations should perform an application-level penetration test for any applications that organizations have developed in-house and rely on for their supply chain. Web-based application penetration tests identify vulnerabilities in the software that could lead to unauthorized access to data or sensitive information
  • Perform penetration testing specifically against remote access systems to ensure no known vulnerabilities are allowing unauthorized access into your systems
  • Maintain strict Identity and Access Management (IAM) control to limit the time and scope of potential malicious attacker access and ensure logging of all activities by users are secured appropriately against destruction or modification
  • Any third-party party software provider should provide you with verification that they have undergone an appropriate penetration test and review
  • Verify that the access controls on any software used to facilitate supply chain activities are appropriately configured and secured; this includes application, networks, environment and backups, recovery, and proper logging
  • Evaluating your overall supply chain risks and identifying potential risks specific Suppliers may face will better protect your organization from cyberattacks.
  • Evaluate your supply chain processes and how your people work within those processes. People are the greatest asset and the most significant risk to supply chain. 

That the contents of third-party articles/blogs published here on the website, and the interpretation of all information in the article/blogs such as data, maps, numbers, opinions etc. displayed in the article/blogs and views or the opinions expressed within the content are solely of the author's; and do not reflect the opinions and beliefs of NASSCOM or its affiliates in any manner. NASSCOM does not take any liability w.r.t. content in any manner and will not be liable in any manner whatsoever for any kind of liability arising out of any act, error or omission. The contents of third-party article/blogs published, are provided solely as convenience; and the presence of these articles/blogs should not, under any circumstances, be considered as an endorsement of the contents by NASSCOM in any manner; and if you chose to access these articles/blogs , you do so at your own risk.


BSI enables people and organizations to perform better. We share knowledge, innovation and best practice to make excellence a habit – all over the world, every day.

© Copyright nasscom. All Rights Reserved.