Build Digital Trust to Overcome Supply Chain and Cyber Vulnerabilities

Visit BSI's Experts Corner: Home for insights from BSI’s practice directors and industry experts on Environmental, Health, Safety, Security, and Sustainability.

It’s common to hear how organizations have embraced digital transformation. However, the relationship between organizations and third-party suppliers gets little attention – despite being critical in the open cloud environment we see today.

About 20 years ago, it was easy for an organization to understand its operations landscape and point to the perimeter. Now, we are in a new era of de-perimeterization, and the need for digital tools and security to combat the threat of cyberattacks on the supply chain is quickly becoming imperative to business strategies.

A deep dive into the supply chain ecosystem

Every organization has a physical and a digital supply chain, making cyberattacks more sophisticated. A major issue with digital supply chains is that organizations no longer entirely control their environment and security models. They are relying on third parties to make the right choices, many of which are lagging with digital transformation and have vulnerabilities that can’t be controlled. Strong security protection is not enough for organizations when attackers have already shifted their attention to suppliers.

A chain reaction triggered by one attack on a single supplier can compromise a network of providers. Securing the supply chain can be challenging because vulnerabilities can be inherited, introduced, or exploited at any point in the supply chain.

A vulnerable supply chain can cause damage and disruption, including personnel safety challenges, environmental impacts, and financial loss. This was demonstrated earlier this year in the Expeditors’ attack, where the freight company’s ability to arrange shipments or manage customs and distribution activities was limited for about three weeks. Losses like these introduce the need for continuous supply chain security and active risk assessment and management.

Protecting your supply chain against cyber threats

In today’s global marketplace, a secure, resilient, and well-managed supply chain is not just a “someday” goal, but the decisive minimum threshold for any company intent on competing successfully in the international arena. Let’s look at three key areas your organization should look at, to remain resilient against growing cyberattacks:

  • Understanding Your Suppliers: Improving third-party and supplier cybersecurity programs is vital for future success. The information onboarding checklist with accompanying contracts is no longer seen as sufficient protection; organizations need to know, in real time, how well-protected suppliers’ systems and the information they contain truly are. The new approach should include internal processes, a remediation process for all cybersecurity risks, and the development of key performance indicators (KPIs) to ensure effectiveness and regular audits to identify gaps.
  • Securing New and Emerging Technology: Organizations are investing heavily in new devices, systems, and solutions, which means that everything from plant equipment to life safety and emergency systems can be accessed remotely. This has created an inherent risk and a vulnerability to those systems which can be exploited by cyberattacks. To mitigate this risk, organizations need to fully understand their vulnerabilities with these devices and then develop comprehensive processes and plans to secure and protect their assets.
  • Integration Across the Entire Organization: Traditionally, cybersecurity has been a compliance topic driven by industry regulation, national regulation, or financial disclosure requirements. For the most part, businesses only focused on security because they had to, and few understood the opportunities they could unlock. Moving forward, organizations must tear down existing walls and silos around cybersecurity to fully leverage and enhance their cyber resilience.

This article was originally published in Forbes on October 13th, 2022 under the title: Overcoming Supply Chain And Cyber Vulnerabilities Through Digital Trust. The content has been modified and condensed for this blog. Refer to the full article for Mark Brown’s complete insights on this topic. For more on Digital Trust and Environmental, Health, and Safety topics that should be at the top of your organization’s list, visit BSI’s Experts Corner.