Is Your Supply Chain the Weakest Link?
Supply chains are a vital component of every organization's business operations and the backbone of today's global economy. However, security chiefs everywhere are concerned about how open they are to an abundance of risk factors. A range of valuable and sensitive information is often shared with suppliers, and when that information is shared, direct control is lost. This leads to an amplified risk of its confidentiality, integrity or availability being compromised.
Do you know where your information is? Do you know if your suppliers are protecting your company's sensitive data as diligently as you would protect it yourself? This is one obligation you can't outsource because in the end, it's your liability.
By looking at the structure of your supply chains, determining what information is shared, and assessing the probability and impact of potential breaches, you can balance information risk management efforts across your enterprise.
Organizations of all sizes need to think about the consequences of a supplier providing accidental, but destructive, access to their corporate data. Information shared in the supply chain can include intellectual property, customer or employee data, commercial plans or negotiations and logistics. Caution should not be confined to manufacturing or distribution partners. It should also embrace professional services suppliers, all of whom share access, often to your most valuable assets.
To address information risk in the supply chain, organizations should adopt strong, scalable and repeatable processes -- obtaining assurance proportionate to the risk faced. Supply chain information risk management should be embedded within existing procurement and vendor management processes.
Brand management and reputation are at stake
In the coming years, I anticipate that cloud service providers will be systematically sabotaged by attackers aiming to disrupt Critical National Infrastructure (CNI) or cripple supply chains. Organizations dependent on cloud services will find their operations and supply chains undermined when key cloud services go down for extended periods of time. Therefore, what can organizations do to better prepare themselves? A few examples include:
There is a great need to track everything that is happening in the supply chain, as even the smallest supplier or the slightest hiccup can have a dangerous impact on your business. Brand management and brand reputation are subject to the supply chain and are therefore constantly at stake.
Implementing a supply chain information risk assurance process
SCIRAP integrates with existing procurement and vendor management processes, providing a mechanism to make supply chain information risk management a part of normal business operations. As a result, organizations of all sizes will be able to better understand their supply chain information risk, identify the assurance or actions required, and work with procurement or vendor management to manage information risk.
Be prepared and stay resilient
The time to make supply chain security enhancements a priority is now. A well-structured supply chain information risk assessment can provide a detailed, step-by-step approach that divides an otherwise daunting project into manageable components. This method should be information-driven, and not supplier-centric, so it is scalable and repeatable across the enterprise.
The unfortunate reality of today's complex global marketplace is that not every security compromise can be prevented beforehand. However, being proactive also means you, and your suppliers, will be better able to react rapidly and intelligently when something does happen. In extreme but entirely possible scenarios, this readiness and resiliency may dictate competitiveness, financial health, share price, or even the survival of your business.
— Steve Durbin is managing director of the Information Security Forum (ISF). His main areas of focus include the emerging security threat landscape, cybersecurity, BYOD, the cloud, and social media across both the corporate and personal environments. Previously, he was senior vice president at Gartner.
Copyright © 2019 Light Reading, part of Informa Tech, a division of Informa PLC. All rights reserved.