Sep 10 2015

Supply Chain Management is Not Secure By Any Standard…but there’s hope!

I’ll give you a taste of the NIST Cybersecurity Framework Audit. This is question 4 of 99 asked in the CSF Audit: “ID.BE-4: Dependencies and critical functions for delivery of critical services are established” – In other words, what services do you need to operate your business, and oh by the way, which businesses out there rely on you to conduct their own business? So the third-party vendor vulnerability has become HUGE. This is the reason almost half of our clients are coming to us right now. They need a resilient, applicable solution to their everyday cybersecurity needs.

[Obligatory supply chain management graphic below – there are literally thousands of graphics like this, so I assume this industry is used to seeing these, and I felt obliged to insert it.]

[Image: supply chain management graphic]

One of the most fragile spiderwebs of networks out there is within supply chain management. Supply chains are fragile beings: they can be compromised easily, leaving their clients and hangers-on feeling uncertain of their security, and therefore of their overall standing within their market. No one wants to feel like that.

I have spoken with many CEOs and CFOs who serve as vendors to larger, anchor organizations within their given supply chain, and they know they can’t survive a cyber breach that leaves them vulnerable. There are too many other companies out there (sharks in the water) to take their place, and the reputational loss is too dangerous to a small company that relies on contracts from big companies to live.

There is hope. This article from Forbes actually does a nice job of reviewing the areas a company should be on top of to stay resilient and relevant. The author reviews the threats in a realistic fashion with real examples. The biggest mitigations for companies that fall within supply chain management: get an information risk audit that will tell you how well your people are performing within the information security realm, get cyber hygiene training for your staff on a regular basis, and, most of all, have an incident response plan as a result of the two former actions. At Layer 8 Security, we agree with these things. We preach them, we practice them, and we sell them for this very reason. This is what keeps over 80% of breaches from ever happening.