Dive Brief:
- While most businesses believe software supply chain attacks could become one of the biggest cyberthreats in the next three years, 71% of respondents in a survey by CrowdStrike said their organization doesn't hold external suppliers to the same security standards.
- About two-thirds of IT security professionals said their organization "has work to do if they are to be prepared to defend against supply chain attacks."
- A majority of respondents (90%) said a software supply chain attack resulted in financial cost, with the average attack costing $1.1 million.
Dive Insight:
There are lots of bad actors out there trying to access your IT network. They want to steal company secrets or disable your network, essentially putting your company out of business. Perhaps both. The risks for network attacks come from sources both foreign and domestic. And no matter the source, often these attackers are invited in through the front door. We need to increase our awareness of the problem in our own companies and throughout the supply chain.
First, we have to admit that if a sophisticated hacker wants to access or take down our network, they can, and we’ve seen this proven at the highest levels of business and government. While the television commercials show banking networks on DEFCON 1 in large command centers, I think that in reality most companies are relying on software and luck to avoid illicit network access.
When it comes to the supply chain, there may be a few things that we can do to minimize the risk of attack, or at least take away the welcome mat for hackers.
Ban all social media in the workplace
Now, after you catch your breath on that one, understand that I too access my social media accounts during the workday and see that my coworkers do the same. While my excuse is that I watch for breaking business news, I will admit to taking a "quiz" or some sort of stupid interactive game that gets my interest. Sort of like Doritos, these little quizzes, supposedly "liked" by my "friends," are addictive. They are also a portal into your personal and business networks. Find your news at the proper, secure web sources. While not altogether safe, they are safer.
Increase internal training and establish best practices
We do lots of sourcing by Google these days, and it's OK to admit it. Notice how after searching for the latest electronic widget, pictures of widgets invade your web browser, literally calling out to you to "buy me." The web knows who you are and where you are. Some internal awareness training on how best to maintain network security through better IT hygiene will hopefully help to reduce that risk. That contract expeditor clicking on the picture of the latest sports star when they should be chasing late supplier deliveries is both delaying production and compromising network security.
Keep a careful eye on the supplier community
Discussions on network security are good conversations to have. While the more sophisticated suppliers may be taking the necessary network precautions, others may add to the risk. We still see primary suppliers running with 13-inch monitors and Windows Vista on the local cable network. Their rudimentary networks are at high risk. And when they upload or download their latest feed in your supplier portal, they are putting your network at risk as well. Add a global supply chain sharing information into the mix, and you have the recipe for sleepless nights for the IT folks.