Cyber security best practices in the supply chain
Cyber security is a growing concern for a lot of businesses. Hacks and security breaches are frequently in the news and new attacks seem to be occurring regularly. Technically, this is nothing new, but it was the 2011 Sony hack which really brought cyber security threats to public prominence.
This was the biggest breach of its kind against a large company with robust protection, at an estimated cost of $171 million. Since then, we have been exposed to stories of data breaches on social media sites, voter records being released and more recently, ransomware, a virus that encrypts files and won’t decrypt them until a ransom is paid.
It is clear that cyber security is one of the key issues of the 21st century and protecting businesses has never been more important. Supply chains in particular have some inherent vulnerabilities that make them more susceptible to attack. It is very difficult to make your systems invulnerable, but what are some best practices you can look to implement?
Coordinate with your trusted third parties
To facilitate easy movement of parts it is now common practice for companies in the supply chain to share data with each other. This has been demonstrably beneficial and is certainly not something that companies would ever want to reverse, however, sharing data with suppliers and working with external parties also puts supply chains in a vulnerable position.
Many companies are still grappling with protecting their own networks, and while this is very important, they are not considering the possibility that breaches can come from elsewhere. These attacks can originate from seemingly innocuous connections. For example, the 2013 data breach of American superstore, Target, where hackers gained access to systems via a heating, ventilation and air-conditioning supplier.
Ondreji Krehel, founder of international cyber security and digital forensics firm strong>LIFARS LCC recommends that all third-parties be certified to the same compliance standard to ensure some level of consistency across networks.
Consider the impact of the IoT and adding more devices to your network
Technology is ever growing and one of the latest trends that is set to have a big impact is the Internet of Things (IoT). The IoT has the potential to revolutionise process in the supply chain and 70% of retail and manufacturing companies have already started a digital transformation projects.
These projects, many of which involve adding sensors and connecting machinery to existing networks, are exciting advancements, but it may be short sighted not to consider the impact they could have on data security. There have already been examples of smart household items like fridges, being compromised and sending out spam emails. This may seem absurd, but it indicates are a more serious threat. In this breach over 100,000 smart items were compromised and there is certainly potential for hackers to do something more nefarious than sending spam.
Cyber security experts are confident these issues can be resolved in the long term and are usually caused by poor workmanship. Nevertheless, before committing fully to digital transformation project, it is worth consulting a security expert and making sure your systems are controlled.
Lock down hardware
Somewhat ironically in the internet connected age, lost hardware still poses a big threat to cyber security. Two laptops a day are lost on the London underground, and a further 801 laptops have gone missing at just 11 railway stations over the last three years. The danger is not exclusive to commuters or remote workers either. It is becoming increasingly common for delivery drivers or engineers to have mobile apps that connect them to a central network. Take into account that their job requires moving from location to location, it is not hard to imagine scenarios where connected devices can be lost or stolen.
In this case, a little security can go a long way. Encrypting a drive and adding a password can make devices much more difficult to compromise. Consider also biometric logins (iris scans, finger print readers etc.). These technologies are still emerging, but finger print readers in particular have become a staple of most modern smart phones.
We can no longer ignore the threats of cyber security and every business is responsible for ensuring the safety of its own network. Cyber security breaches can come from unexpected areas and it is an ever-changing landscape. The suggestions above provide good general advice on how to approach security, however, the best advice is still to consult an expert.
It is also worth remembering that you are not alone in this fight and that companies like Microsoft have a vested interest in making their devices as hard as possible to compromise. If nothing else it is worth updating your devices to latest versions of software when you can.