Prevent hackers exploiting blind points in your supply chain
11 October 2021 | 0
In association with CyberHive
Successful operational networks can take years to source, establish and perfect. Built upon trust and communication, it can provide the connected businesses a competitive advantage, and an efficient way to bring products to market.Within the fundamentals of any good supply chain – strategy, service and cost – where do you factor in IT security? Do you factor it in at all? As supply chains become more integrated and digitalised, how do protect the data of your business, as well as the others in your network?
A Cyber Security Breaches survey in 2021 found that only 15% of medium businesses and 12% of large businesses, carry out cyber security vulnerability audits. More alarmingly, 12% of medium and only 8% of large businesses review the security risk posed by suppliers. It’s abundantly clear that attitudes and priorities need to be changed to minimise this significant gap in security. Cyber criminals are opportunists and will take advantage of any weakness in an supply chain. Smaller third party companies can be easier to break into than bigger companies, so if hackers can gain access undetected, they will, and then move their way up stream, to the bigger links in the chain.
Irish firms suffer the highest median cost in Europe from cyber-attacks at almost €92,000, a survey by Hiscox recently unveiled, with manufacturing being a heavily targeted industry. That’s 92,000 reasons why it’s crucial to have full visibility of third party security, and that taking an incomplete view of your suppliers, can leave your company vulnerable and open to risk. A chain of supply can be complex. So finding harmony between limiting potential exposure, but also enabling enough links to conduct business operations, is the tricky part.
Factoring in what your supplier’s security looks like, is key, as well as communication about what your expectations of security are. Every part of the chain needs to have an awareness and importance around security, and a way to report any incidents. But it shouldn’t stop there. Regular monitoring and continuous improvement are also invaluable. Increasing the monitoring of security information and event management (SIEM), and at that time, implementing any improvements from any key analytics picked up.
Another thing to consider is user behaviour. There is nowhere to hide from the fact of 95% of security breaches are to do with human error. Therefore, establishing good training, policies and practices, like choosing strong passwords, two-factor authentication, or biometrics and hardware certificates – are critical. Many of the attacks that are successful begin with an employee clicking on something they should not have, or failing to follow security protocols. It is unfortunately true that mistakes will happen and that breaches will occur. This fuels the argument for zero trust networks, which have an approach that every file or piece of information is behind a barrier, and every connection request is scrutinised before access is granted.
Most standard cyber defences, such as firewalls and penetration testing, serve to secure the systems from external attack. Anti-virus software is used by most companies and is effective against known threats, but is increasingly inadequate against the growing sophistication of criminals. We need only look at the recent data breach of streaming platform Twitch, which clearly illustrates that even a misconfiguration on a server, can be exploited mercilessly by hackers. Adapting to a continually evolving threat landscape is a huge challenge for security professionals. There are examples when even multi-million euro security budgets that have failed to prevent data breaches. It is no longer a case of ‘if’ your cyber defences will get breached, but ‘when’.
Working in collaboration with the University of Oxford, CyberHive has broken new ground in the cyber security space with Trusted Cloud – a unique technology that secures hardware through advanced cryptography to protect your data. The award-winning solution works to detect breaches in real time, which is invaluable within a highly integrated digital supply chain where you don’t necessarily know the security posture of your partners. Attacks that could potentially go unnoticed for months by other leading security technologies, but with Trusted Cloud these would be flagged in seconds, ensuring that no unauthorised code can run undetected throughout your entire server estate.