Is The Supply Chain The New Cyber Abyss?

Is The Supply Chain The New Cyber Abyss?

By |2018-12-03T13:22:34+00:00December 3rd, 2018|Blog, Information Security|

We all know that Target lost its CEO along with $164M dollars when a small HVAC contractor that was part of the supply chain was breached, allowing hackers into Target’s network. However, you may not be aware that banks spent over $200M reissuing Target credit cards. And, what about Chinese telecom equipment manufacturers ZTE and Huawei?  ZTE and Huawei are notorious for adding small pieces of code during the supply chain process to siphon data from its users, and their parent country – China – stole sensitive secrets from the U.S. Submarine Program through a cyber attack earlier this year. According to Symantec, data breaches through supply chains increased 200% in 2017. So how exactly do supply chain breaches occur, and what can be done to prevent them?

Inherent Vulnerabilities

Supply chain or third-party attacks are more widespread than ever due to multiple inherent vulnerabilities. First, in today’s business landscape, more parties than ever interact or have “touch points” with valuable data. It makes sense that an increase in the number of interactions will correlate to a higher risk of supply chain infiltrations. Second, most enterprises utilize outside hardware and software to manage their data, meaning that security vulnerabilities are practically built into their daily operations. With so many service providers and suppliers having access to sensitive data, it’s no wonder that supply chains are inherently vulnerable – they are truly a bottomless chasm. To make matters worse, cyber criminals continue to acquire more resources, tools and techniques to breach enterprise security.

Inadequate Security

Despite preventative measures such as cloud security, patches and monitoring, supply chain cybersecurity remains largely inadequate. For decades, experts have voiced concerns about risks associated with the internationalization of supply chains and how this can create vulnerabilities for data. Unfortunately, the growth of cyber threats to supply chains has outpaced the development of workable supply chain cyber management solutions that are effective,  affordable and easy to implement.

Network Protection

During a typical business day, most people rely on multiple types of devices, each of which may routinely access their corporate network as well as external sites and applications. Now multiply this by all the businesses and individuals making up a supply chain – the potential number of “weak links” where a breach could possibly occur is enormous. According to a 2018 report by the Ponemon Institute, 61% of surveyed U.S. organizations have experienced a data breach caused by a third-party vendor.

Contractors that are part of the Defense Industrial Base (DIB) program have an especially high level of urgency with regard to supply chain cybersecurity. Cyber criminals actively work to find and exploit any weakness in the DIB supply chain in order to gain access to the government’s networks.

The operation and function of industries ranging from manufacturing, defense, healthcare and more are more reliant on their networks and software. As a result, it is unlikely that businesses within these industries will adopt more robust security solutions unless they can be assured that the increased supply chain security will not negatively impact daily operations.

Protecting The Supply Chain

Preventing cyber leaks in the supply chain is dependent upon having a good cybersecurity framework and the right tools to create appropriate defenses. Solutions that require endless updates and impractical configurations won’t get the job done. GoSilent’s next-generation edge security products are easy to deploy, require no external support and can help protect all entry points to your supply chain. Learn more about our products and solutions.