Securing the Supply Chain

cybersecurity
Share

written by: Ron Dalton, IT Infrastructure Manager, MD Logistics

Technology continues to play an important role in the supply chain as warehouses become automated with the surge of consumers shopping online. As technology is incorporated into more of our daily lives, the challenge becomes how do we make our systems and the greater supply chain secure from outside forces. In an increasingly connected world, technology has made the spread of information easier, but it has also revealed vulnerable areas open to hackers. Experts say that cyberattacks are on the rise, with 80%[1] of them originating from the supply chain! While that is a staggering statistic, here are some tips you can incorporate to keep your team and digital footprint, safe.

Potential Opportunities for Cyberattacks

The 2018 World Economic Forum Risk Report revealed that cyber risk holds two of the top five slots[2] in terms of liabilities in today’s world. With the constant sharing of information between parties, any lapse in security is an opportunity for individuals on the dark web to take advantage and steal your pertinent information or completely infiltrate your systems. There are a variety of different locations where vulnerabilities can lie, both internally and externally. The following are perhaps the most common areas for an attack:

  • Outside Vendors. Anytime information is shared between corporate networks there is a risk that it could be accessed if network communication is breached.
  • Internal Teams. In the same regard as outside vendors, there could be a security breach to your internal system by someone within the team. The most common scenarios in this case are opening an unencrypted file sent via email or visiting a website that was compromised.
  • Email & the Cloud. Perhaps two of the easiest ways to infiltrate a network are through email and cloud sharing services. We are all well aware of the phishing schemes in which hackers try to access our information by sending questionable emails to our inboxes, asking us to click on hacked links or open infected attachments. Now, as additional services migrate to ‘the cloud’, there are more opportunities for a hack than ever before. By reaching out across the internet into “the cloud” to access services, you increase your exposure to an attack. While the cloud does have many benefits, from a cybersecurity aspect, it does complicate matters for IT teams to keep those services and users secure.

How You Can Stay Secure

Perhaps the easiest way to defend against attacks is by training your internal team as your first line of defense. Breaches can happen from simply browsing the internet or opening an email. Educate team members on potential ways networks can be infiltrated. Provide specific examples of what they can look for in their everyday communications. And give risk mitigation procedures they can perform if they do open themselves and the company up to a breach. Education at this level is simple, not time consuming and empowers the members of your team to aid against cyber thieves. Instructing on best practices to keep internal systems clean is one step, putting technical monitoring systems in place to aid is also important. Installing a web content filter will prevent your team from visiting a site that has been hacked in addition to catching any malware.

At the network level, intrusion detection systems are good tools to have in place. These tools continuously monitor your network traffic, alerting you if there are potential outside threats. This line of defense works as a database of patterns to keep malware and viruses from entering your network and as such need to be continuously updated. The updates are crucial so the most recent patterns of spam/phishing/malware attacks are included in the monitoring pattern, thus protecting the entire network from intrusions, originating from both new and old techniques.

Vulnerability scanning is yet another tool to use in preventing cyberattacks. Vulnerability scans occur by using a third party service to scan your systems externally, proactively looking for ways to breach the system. This process is conducted to ensure there are no opportunities for threats to security and measures your exposure to outside threats. This process should be done on public facing servers, such as those that house your website, to look for potential vulnerabilities.

Just doing the work to put these tools in place is not enough. You have to ensure they are continuously working and perform scans regularly. Continual monitoring and maintenance is the key to staying secure.

Conclusion

As we look to the future, we are already seeing the adoption of additional security measures such as multi-factor authentication, in which multiple passwords or avenues to verify identity are needed. I see cybersecurity protection moving away from the use of passwords and toward more biometric technology. We are already seeing this technology utilized in some of the newest smartphones on the market.

When it comes to cybersecurity and the evolving technologies and strategies available to protect our digital identity, there are two factors that remain true. As long as technology continues to evolve and became an increasingly important part of our lives, there will always be a need to protect ourselves from outside threats. Additionally, cybersecurity cannot be a ‘leave it and forget it’ part of your business plan. Risk management plans and procedures must be continuously updated and adapted, as new threats emerge. A great way to think about the internet is this: as soon as you step outside onto burning hot pavement, you rush to the grass to keep the soles of your feet protected. The internet is the same way. The moment that you step outside the protection of the network, you open yourself up to hostile threats. As new cyber threats emerge, keep yourself and your team protected.


[1] Three Methods to Combat Supply-Chain Cyberattacks. https://www.supplychainbrain.com/articles/29337-joined-at-the-hip-cyber-supply-chain-management-supply-chain-risk?id=29337-joined-at-the-hip-cyber-supply-chain-management-supply-chain-risk

[2] Three Methods to Combat Supply-Chain Cyberattacks. https://www.supplychainbrain.com/articles/29337-joined-at-the-hip-cyber-supply-chain-management-supply-chain-risk?id=29337-joined-at-the-hip-cyber-supply-chain-management-supply-chain-risk