A large amount of data is constantly passed through supply chains, which have only become more and more connected. It only makes sense that companies are more sensitive to the risks that come with such systems.

Cybersecurity attackers are not backing down, and the war against cyber hacks has only just gotten intense.

It is 2021 and many companies are still grappling with adapting to the impacts of COVID-19, with no clear end in sight yet. This is not the time to back-burner cybersecurity. Companies need to take proactive steps to protect their supply chain from disruption.

  • Scrutinize the cybersecurity practices of vendors and partners
  • Address remote work factors and endpoint vulnerabilities
  • Protect connected IoT devices
  • Establish clear cybersecurity guidelines

First, it is not enough to deal with your cybersecurity risks and threats in your organization alone. It is crucial that your suppliers, vendors, and other partners have an equally high level of proactive cybersecurity management.

Sharing valuable and sensitive data with partners automatically makes them viable targets for attacks. Last year, the FBI even sent an alert to companies to warn about cybersecurity attacks through third-party vendors.

A June 2020 survey revealed that 77% of companies limited visibility around their third-party vendors. Thus, it is not surprising that 80% have suffered a third-party-related breach in the past 12 months, according to the same report.

Data breaches undermine deal management and can collapse supply chain operations, which are already somewhat fragile due to the effects of the pandemic.

Before partnering with a vendor, ensure they meet the required standards of information security (PCI-DSS, HIPAA, etc.) that are applicable to the industry. Likewise, conduct independent audits on their cybersecurity practices to ensure they are truly compliant and will not put your organization at risk.

In a way, cybersecurity is all about endpoint protection; if your organization can secure all your endpoints and eliminate all weak links, you are in pretty good shape security-wise. However, COVID-19 imposed an unprecedented challenge on enterprise cybersecurity: the rise of remote working.

Employees working from home multiply the endpoints to be managed, and of course, the number of risks and vulnerabilities to organizations have been multiplied too. Home networks are untrustworthy, unlike office networks, amongst other reasons why remote work poses a serious cybersecurity risk.

To protect endpoints, supply chains need to adopt more stringent remote access and permission controls. Zero-trust security, the least privilege principle, and AI authentication tools should be important considerations when revamping endpoint security on your network. Experts agree that remote working is here to stay.

In the next normal, organizations should be prepared to build security by design into their supply chain framework, infrastructure, and operations. This might require redesigns of the core process architecture. But it all begins with simple steps: training employees on cybersecurity hygiene, providing them with tools to ensure secure remote connections, and announce threat updates to keep them alert always.

Robots, IoT devices, and other smart products have become fully part of supply chain operations to ease logistics processes. However, the vulnerabilities of IoT devices inhibit their potential in the industry. Connected devices are constantly at risk of hacking, data corruption, and spying. These threats may be physical or remote and in each of these cases, the consequences may be severe. Organizations require more visibility and management of their IoT endpoints.

According to the European Union Agency for Cybersecurity (ENISA), the concept of security by design and security by default form the foundational building block for the protection of IoT devices. IoT devices are unlike computers on which cybersecurity software can be installed for protection. Likewise, maintaining strict access controls is very crucial.

In addition, organizations should adequately install intrusion detection system (IDS) software to prevent network attacks like Denial-of-Service (DoS) and the likes. Other best practices for mitigating IoT risks to supply chains are shared by the NIST CSRC from an article in the International Journal of Future Generation Communication and Networking.

Recently (last month), the US Government Accountability Office (GAO) examined the compliance of 23 anonymous agencies with its 7 practices for managing supply chain risks. The report showed that none of the agencies had fully implemented all the practices and only a few implemented some practices, at least. The vast majority (14) did not implement any of the practices at all.

Every organization needs a cybersecurity policy, with a focus on supply chain operations. Documenting such guidelines gives referenceable directions to ensure compliance from all authorized actors. The need for a coherent strategy for dealing with cybersecurity risks is paramount. Technologies like Secure Web Gateway (SWG) are useful for enforcing the set policies across the organization.

Supply chains are designed to work seamlessly; sometimes, this flawlessness gives the illusion that all is well, whereas a simple data breach could take down the whole system. Organizations need clear cybersecurity policies identifying guidelines for protection, risk mitigation, and threat response, as situations may require.

Conclusion

Cybersecurity is important for the sustainability of supply chains and it is in your best (commercial) interest to protect what happens on supply chain networks and the networks themselves. This is the Industry 4.0 era and we are witnessing unprecedented instances of cyber attacks.

Following the upending year of 2020, 2021 has not lent itself to much in terms of predictions. But no matter what happens this year, rigorous adoption of the principles set forth above will ensure adequate protection for your supply chain.