Reduce supply chain risk with CyberScore™

Effective cybersecurity is challenging enough for many organisations but, when you include supply chains into the mix that may include hundreds or even thousands of suppliers, the challenge grows massively.

There have been numerous instances where an organisation has been breached as a result of hackers finding a way in via third parties such as suppliers and contractors.


Case Study - Target

  • Hackers breached the organisation by stealing third-party credentials.
  • The company fell victim to a spear phishing attack a few months prior to the main breach.
  • The hackers then installed malware onto Target's point of sale system.
  • 40 million credit and debit card details were stolen
  • Cost to Target estimated to be $200 million

Breaches via a supply chain can occur in many different ways.

  • A supplier can inadverntly introduce malware into the chain via phishing emails.
  • A vendor's creditials could be stolen through weak security,
  • A smaller member of the supply chain is often an easier target and route into their true target.

Supply Chains are the weakest link?

Hackers seeking to breach a large organisation often do their homework and seek to take advantage of their supply chains. Various methods such as social engineering allow them to learn who their target does business with or who their suppliers are. Social media also allows them to learn who the best people are to target with phishing emails or approach.

If they are particularly determined, they are likely to go through every part of the supply chain to find any vulnerability. Once they find one, they will then seek to exploit it. Once in, they can then cause trouble right along the chain.

Large organisations’ supply chains are comprised of small or medium-sized organisations and often due to their smaller sizes and budgets they are often considered to be the weakest link in the chain as their cybersecurity measures are unlikely to be as effective as larger ones.

David Carroll, Chief Executive at XQ Cyber, says; “Forward-thinking supply chain operators know that the way to reduce risk is to support their suppliers and partners, by providing tools and services that enable them to improve their security, rather by burdening them with endless questionnaires.”

Reduce the threats by doing the basics

Organisations at the top end of a supply chain should encourage their suppliers to adopt a cyber-aware culture. By adopting government schemes such as Cyber Essentials and educating employees at all levels, you can reduce the threat.

  • The ‘It’ll never happen to me’ mentality needs to go - The belief that a cyber-attack will never happen to me is a surprisingly common reason why businesses don’t invest properly in cybersecurity. Small businesses, in particular, are likely to believe this as they think that they’re too small to be noticed by cybercriminals.  

  • Awareness Training can reduce the threat - By educating employees and members of a supply chain on how to spot a suspicious email, you can cut the likelihood of a phishing attack succeeding. 

  • Encourage good browsing habits - Good cyber hygiene can help you avoid many cyber dangers. Don’t visit dodgy looking websites and never click on links on such sites. Promoting a cyber aware culture through the Cyber Essentials scheme throughout your business can reduce the threat dramatically.

  • Policy, procedures and audits - Ensuring that the organisations in a supply chain have well throughout policies and procedures in place can help to protect against cyber-attack. Policies such as users having access to only what they require for their role and are not able to plug in personal devices or removable media for example. Likewise, having an audit of assets helps to keep track of what is part of your network, and more crucially what isn’t. Finally, make sure there is continued awareness of these practices in the same way that fire drills are carried out regularly.

  • Patch it! - When your computer notifies you that it needs to update, don’t ignore it. Patches for vulnerabilities are released all the time so ensure that you keep your computer up to date. It’s for your own good! Encourage your supply chain partners to keep their anti-virus and other security applications up to date.

How can CyberScore™ help secure supply chains?

Developed by XQ Cyber CyberScore™ quantifies supply chain risk by automatically testing and rating the security of all parts of the chain. It peer-rates suppliers based on objective, empirical data and provides in-depth guidance and support to the supply chain members that are most at risk.

*Article originally posted at - http://www.supplychaindigital.com/technology/comment-back-basics-throttle-supply-chain-cyber-threat

Follow us on FacebookTwitter and LinkedIn or sign up to our mailing list at https://www.xqcyber.com/signup