As of Dec. 2019, 4 billion records had already been breached during the prior 12 months, and the year wasn’t even over yet. This and other measures made 2019 one for the record books for cybersecurity—a point that all electronics buyers should keep in mind as we move into the New Year.
“Cybersecurity protection is taking on a more prominent role for companies assessing their suppliers. Security professionals are looking for more sophisticated tools to evaluate the risks that providers present in the supply chain,” WSJ’s James Rundle and Catherine Stupp write. Those risk evaluations are part of a broader effort to protect businesses from hacking, ransomware, and other threats that have emerged in the digital era.
Here are six ways buyers can help protect their supply chains from cybersecurity threats during the coming year:
1. Create a catalog of all suppliers and the data that they have access to. And while assessing the security of suppliers is more challenging for buyers who have thousands of companies on their list, Rundle and Stupp say the best solution for companies with long supplier lists may be using third-party certification to assure the vendor has been closely vetted.
2. Pay attention to 5G. Major 5G network deployments are expected in 2020, Security Boulevard reports. The technology will create opportunities across many industries, but also will create increased threats from the cyber dark side. “The vast 5G supply chain is susceptible to vulnerabilities such as malicious software or hardware and poor designs,” the publication reports. “Also, many of the companies providing hardware and software for 5G networks have their own security vulnerabilities.”
3. Scrutinize third-party vendors more carefully. Cyber criminals look for the easiest path to achieve their goals, and sometimes that path runs straight through third party vendors, Security Boulevard points out. “When many people think about the insider threat, they’re most likely imagining malicious employees or accidental insiders,” it adds. “But third-party vendors are another type of insider threat that are sometimes overlooked. Whether it’s a supplier, an external developer, or a service contractor, third parties have access to critical systems.”
4. Look to automation for help fighting cyberthreats. “Due to the increasing velocity of cyberattacks automation will need to be trusted and utilized to stop threats before damage is done,” Security Boulevard reports, noting that automated attack tools lead to massive increases in the volume of data that must be processed by cybersecurity teams. “Humans can’t possibly keep up with such large amounts of data. The only effective way for organizations to fight back is with their own automated security technology.”
5. Consider the whole ecosystem. Today’s companies rely on an average of 89 vendors a week that have access to their networks in order to perform various crucial business tasks. As outsourcing and cloud adoption continue to rise across retail organizations, it's critical that they keep an up-to-date catalogue of every third party and service provider in the digital or brick-and-mortar supply chain as well as their network access points. “These supply chain ecosystems can be massive,” Jake Olcott writes, “but previous examples have taught us that security issues impacting any individual organization can potentially disrupt the broader system.”
6.Look under your own roof. Data breaches are not only caused by elusive thugs outside of the firewalled perimeter, but also from well-intended professionals inside the system, according to Help Net Security. These individuals are a key part of the supply chain attack—a breach of information caused in a standalone moment that ripples through the rest of the supply chain unintentionally. One way to combat this kind of vulnerability is to ask, in writing, how the vendor plans to handle any concerns your organization has. “The government supply chain, for example, includes an inquiry and design review process that must be followed,” Help Net Security points out, “regardless of whether it is a prime or subprime supplier.”
