Best Practices to Prevent Supply Chain Cyber Attacks
Due to globalization and outsourcing, enterprise supply chains are more intricate than ever. Most products are no longer manufactured by a single entity. Materials, components, and even final products pass through multiple hands before ending up in the hands of end users. Additionally, most companies have multiple third-party business associates providing everything from office supplies to cloud storage; the largest enterprises may have thousands of these vendors. While enterprises have long been on guard against the possibility of physical product tampering or counterfeiting, many companies are still not cognizant of the scope of supply chain cyber attacks.
Supply chain cyber attacks can involve hardware or software. According to NIST, some of the most common threats to the cyber security of the supply chain include:
Cyber criminals are increasingly hacking legitimate software updates. A recent study by Symantec found that this type of supply chain cyber attack surged by 200% in 2017. One of the most infamous examples is the NotPetya malware, which was spread through a compromised update of a popular accounting software package.
While supply chain cyber attacks are a threat to all industries, the problem is especially acute in the healthcare industry, which is rapidly implementing IoT devices. At any one time, the world's hospitals are running up to 80,000 exposed devices, and these devices can be attacked at numerous points on the supply chain. The U.S. government is also vulnerable to supply chain cyber attacks; for this reason, the FCC has drafted a proposal that would prevent telecoms from using Universal Service Fund money to purchase hardware manufactured by companies that pose a national security threat to United States communications networks or the communications supply chain, noting that compromised equipment could provide an avenue for hostile governments to inject viruses, launch denial-of-service attacks, steal data, and more.
Supply Chain Cyber Attacks
Proactive supply chain risk management is key to preventing supply chain cyber attacks. Here are some examples of best practices:
Know your organization's vendors. Often, the purchasing and accounting departments are well versed in a company's supply chain ecosystem, but cyber security personnel are left in the dark.
Establish specific security metrics for your vendors to adhere to, and include them in every RFP and contract.
Institute no-tolerance, "one strike and you're out" policies for vendors who provide products that are found to be counterfeit or fall short of security specifications.
Tightly control hardware component purchases. Unpack and thoroughly inspect all components purchased from vendors that are not pre-qualified.
Tightly control vendor access to your hardware and software. Limit software access to as few vendors as possible. Limit hardware vendors' access to mechanical systems only, with no access to control systems.
Michael Peters is the CEO of Lazarus Alliance, Inc., the Proactive Cyber Security firm, and Continuum GRC. He is an internationally recognized and awarded security expert with years of IT and business leadership experience and many previous executive leadership positions.
He has contributed significantly to curriculum development for graduate degree programs in information security, advanced technology, cyberspace law, and privacy, and to industry standard professional certifications. He has been featured in many publications and broadcast media outlets as the Guy for executive leadership, information security, cyberspace law, and governance.