How to Protect your Supply Chain from Disruptive Cyber Attacks Part 1: How Globalization is Affecting Cybersecurity
October 28, 2022 - According to the latest BSI Supply Chain risk insights report, "crime, climate, the convergence of digital threats, and cybersecurity vulnerabilities have emerged as dominant risks to the global supply chain. Several key factors are fueling threats to the digital and physical supply chain, including globalization, specialization, and digital transformation."
In part one of this series, we'll cover how the cyber-related risks of an organization are directly affected as industries become more globalized.
Trust in Third-Party Suppliers
Ransomware attacks around the globe continue to increase exponentially and now occur at a rate of one every two seconds. Ransomware perpetrators progressively refine their malware payloads and related extortion activities. The average cost of a ransomware attack is currently a staggering $4.54 million and is predicted to increase.
Despite the increasing threats and attacks, organizations often fail to consider the risks their third-party suppliers may introduce into their supply chain. Companies can face significant damage to servers, networks, and personal devices after a cyber-attack. In addition, a cyber-attack can lead to substantial financial consequences through theft of information, the cost of damaged equipment, reputational damage, and potential legal fees.
Organizations are increasingly reliant upon the global partners that make up their supply chain. The more globally dispersed suppliers are, the more complex the supply chain becomes, especially when the point of origin and the destination of goods are separated by continents or oceans and depend on global logistics services. Such complexity leads to longer delivery lead times and increases the likelihood of delivery failure should a cyber-attack disrupt the lower rungs of a supply chain. For this reason, the impact of a single issue with one supplier affects the entire supply chain.
Mitigating Digital Supply Chain Risks
Organizations might be sharing a lot of data or sensitive information with suppliers without being aware of it. Therefore, any third-party software provider must attest that it has undergone an appropriate penetration test and security review.
The steps below will help your organization mitigate the risks your digital supply chain might be exposed to:
- Review all current suppliers
- Identify the key suppliers and conduct thorough security risk assessments
- Make cybersecurity requirements part of your third-party supplier contracts (Security Rider)
- Ensure suppliers provide attestation of compliance with well-known cybersecurity frameworks
- Review the current supply chain partners' interconnectivity with your systems, including ensuring that data is encrypted
- Protect the data and systems that partners can access through your platforms
- Verify that third parties are safeguarding their data
- Require suppliers to provide a framework for their cybersecurity measures
- Document residual risk elements and ensure senior management is aware
- Train employees on aspects of cybersecurity supply chain risk
Follow Kristin Demoranville's three-part blog series 'How to Protect Supply Chain from Disruptive Cyber Attacks' to better understand how industrial globalization affects organizational cyber risk. For more insight on other Digital Trust and Environmental, Health, and Safety topics that should be at the top of your organization's list, visit BSI's Experts Corner.