Why Cyber Security is even more important for the supply chain
Having appropriate IT security is vital for every business. Nearly half of all businesses will be the victim of a cyber attack, which shows how important it is to have the right prevention in place and how high this should be on your priority list.
However, businesses that rely on a supply chain are at an even greater risk than the average business due to the nature of how they operate.
The greater cyber security risk from the supply chain
The reason that there is a greater risk when you factor in the supply chain is that potentially more people have access to your systems. There is a term in IT security known as ‘attack surface’. This basically means the amount of your business that is at risk from hacking. Businesses that have multiple links in their supply chain have a larger attack surface than those that don’t and therefore, they are at a higher potential risk. Bear in mind that each one of your suppliers may not adhere to the same high levels of IT security that you do.
So, there is a greater security risk due to the supply chain and, in addition, there are communication challenges to factor in as well. For example, if a supplier suffers a security breach, you may not hear about the risk for some time, if at all.
SolarWinds 2020 hack – a real-life example
In 2020, US-based IT company SolarWinds were the victim of one of the largest cyber attacks of recent times.
SolarWinds makes software that is used to manage IT networks. This popular software is used by companies throughout the world in both the public and private sectors. In what is now widely believed to be a Russia-sanctioned cyber attack, malicious code was inserted into SolarWinds software, allowing hackers to spy on all of their customers.
Victims of the attack included Fortune 500 companies like Microsoft, Intel and Deloitte, as well as various White House departments including Homeland Security.
This attack is so relevant to our discussion because it shows how a single weak link can potentially affect hundreds of companies in the chain. This is why it is so important to consider the supply chain when reviewing your IT security.
How to protect your supply chain
Get your internal IT security right
Hopefully, now you are sold on the importance of good IT security throughout your supply chain. But how do you do it?
The first step is getting your own house in order. Before looking at your suppliers, it’s important to make sure your own IT security is adequately protecting your business.
Advice on how to do this could cover a whole blog post by itself, but the key areas to check are: firewalls, secure configuration settings, access control, antivirus/malware protection, patch management and employee training.
A great starting point for every business should be to gain your Cyber Essentials certification. It will check the first five of these areas and make sure your business has the correct security in place. Even better, it includes free cyber liability insurance if the worst does happen.
If you are interested, Coretek offer a great value service to get you Cyber Essentials certified quickly and easily: Get Cyber Essentials Certified.
Audit your supply chain
The next step is to audit your supply chain. Make a list of all your current suppliers and carry out regular supplier security audits. This should be done at least annually, but quarterly is better.
If any suppliers fail the security audit, make them aware of the audit results so they can resolve any issues. If these are not remedied, you should consider replacing the supplier as they pose a risk to your business.
It’s time to act
Now that you know the risks to your business that come from the supply chain and how to reduce them, it’s time to act. Make sure you have reviewed your internal IT security and that you are following best practices. Carry out full supplier security audits and make sure every link of your supply chain is strong.
If you need any advice on improving your IT security or on how to audit your supply chain, get in touch with us today.