Business leaders are quickly realizing the danger that cyber attacks on supply chains pose. The alleged Supermicro hardware implant, reported by Bloomberg in 2018, showed how exposed even organizations that consider themselves sophisticated in cybersecurity can be.
According to that report, in 2015 large US organizations, including Amazon and Apple, discovered tiny unauthorized microchips on server motherboards made by Supermicro, a US company founded by Taiwanese immigrants. Amazon allegedly made the discovery while evaluating the acquisition of a video compression software startup that held contracts with US defence and intelligence agencies. Amazon, Apple and Supermicro all publicly denied the report, and its details remain disputed.
The chips were said to have been inserted during manufacturing by operatives working for the Chinese state, to create a backdoor through which malicious code could be loaded onto the servers.
Whether or not every detail of the report holds, the episode illustrates the exposure of global supply chains: a component can be tampered with at any stage between design and delivery, and the tampering can be exploited remotely long after the hardware is installed.
To strengthen supply chain security, enterprises must properly fund their third-party risk management teams, which are typically understaffed and under-resourced, a gap that raises the risk for every company that depends on those suppliers. In many companies the only control in place is a written questionnaire the supplier fills in, which is an extremely flimsy basis for trust because nothing the supplier asserts is ever verified.
In addition, there is little standardization of provenance-tracking mechanisms (blockchain-style ledgers, such as those built on the Hyperledger frameworks, are one candidate), and most companies have no defined procedure to follow when a supply chain compromise is suspected. So even a fully funded team has no agreed sequence of actions to work through. This is the reality in most companies.
Enterprises must establish a response procedure even before they have had a chance to exercise it, because a written plan that can be rehearsed and refined is better than none. Listed below are 5 steps an enterprise can take, to start with, to protect itself against a supply chain attack:
- Make third-party risk management a top priority. The team must be fully funded, supported, and trained for any cybersecurity event that arises, and a named person must be in charge of protecting the supply chain.
- Identify supply chain vulnerabilities and prioritize fixing them. This starts with an inventory of every critical supply chain, both information supply chains (software, firmware, cloud services) and physical ones (components, boards, finished devices); you cannot protect a dependency you do not know you have. Companies are now realizing the risk of incorporating open source software into their internal systems. Public scrutiny does strengthen open source, since anyone can probe the code and report flaws that maintainers then fix, but that same openness does not stop bugs from shipping, and the transitive dependencies pulled in by a single package are rarely reviewed by the company that uses them.
- Engage with suppliers at key steps in the supply chain. Every party that manufactures, modifies, transports, or distributes a component needs to be engaged with. Meet them and discuss their security policies, and don't just take their word for it: ask for evidence, such as audit reports, test results, or a demonstration of their controls. Write a right to audit into the contract and exercise it periodically to confirm that the safeguards are still being upheld.
- Have a test lab that can uncover hidden hardware and software tampering. In the Supermicro case, according to the report, the implant went unnoticed until the boards were examined closely in a testing lab. For hardware, that means comparing delivered units against the reference design (component count and placement, firmware hashes) rather than only checking that they function. Not all organizations can fund a full-time lab, but periodic testing, in-house or outsourced, is essential.
- Look into blockchain and Hyperledger technology for your supply chain. The ideal protection for a supply chain is a mechanism that records and validates every modification to a component together with its source and a timestamp, so that any party can later check that the history has not been rewritten. A tamper-evident ledger does this without a single party controlling the records, although someone still has to decide which suppliers may write to it and provision their keys. It brings much-needed transparency, with one caveat a practitioner should keep in mind: the ledger makes records tamper-evident, not components. A supplier that installs an implant and records nothing, or records it as a routine change, is not caught by the ledger alone; the lab testing in the previous step is what closes that gap.
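As an added illustration, not taken from the original article or from any Hyperledger project, here is a minimal stand-alone Python model of what such a ledger actually provides: a hash-chained log of component modifications in which each record is timestamped, linked to its predecessor, and authenticated with the key of the supplier named as its source. The supplier names, keys, serial number and events are constructed for the example, and HMAC with a shared secret stands in for the digital signatures a real ledger would use. Running it shows that verification detects a record that was altered after the fact and a record falsely attributed to a supplier, but accepts a malicious change that an authorised supplier records honestly, which is the limit of what a ledger alone can do.

```python
import copy
import hashlib
import hmac
import json
from datetime import datetime, timezone

# Constructed per-supplier keys for this example; a real deployment would use
# per-supplier signing keys managed through a PKI, not hard-coded shared secrets.
SUPPLIER_KEYS = {
    "board-fab": b"example-key-board-fab",
    "firmware-vendor": b"example-key-firmware-vendor",
    "integrator": b"example-key-integrator",
}
GENESIS = "0" * 64  # prev_hash of the first record

def _canonical(obj) -> bytes:
    """Deterministic serialization so hashes and MACs are reproducible."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def _mac(key: bytes, entry) -> str:
    """MAC over every field except the MAC itself and the record hash."""
    body = {k: v for k, v in entry.items() if k not in ("mac", "hash")}
    return hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()

def _entry_hash(entry) -> str:
    """Hash over every field except the record hash (so it also covers the MAC)."""
    return hashlib.sha256(_canonical({k: v for k, v in entry.items() if k != "hash"})).hexdigest()

def append_entry(ledger, source, component, action, details, when, key=None):
    """Record one modification: linked to the previous record's hash, timestamped,
    and authenticated with the named supplier's key (overridable only to model a forger)."""
    key = SUPPLIER_KEYS[source] if key is None else key
    record = {
        "seq": len(ledger),
        "timestamp": when.isoformat(),
        "source": source,
        "component": component,
        "action": action,
        "details": details,
        "prev_hash": ledger[-1]["hash"] if ledger else GENESIS,
    }
    record["mac"] = _mac(key, record)
    record["hash"] = _entry_hash(record)
    ledger.append(record)
    return record

def verify_ledger(ledger):
    """Return (ok, problems): recompute the hash chain and check each record's attribution."""
    problems, expected_prev = [], GENESIS
    for entry in ledger:
        seq = entry.get("seq")
        if entry.get("prev_hash") != expected_prev:
            problems.append(f"entry {seq}: chain broken")
        if _entry_hash(entry) != entry.get("hash"):
            problems.append(f"entry {seq}: content altered after it was recorded")
        key = SUPPLIER_KEYS.get(entry.get("source"))
        if key is None:
            problems.append(f"entry {seq}: unknown source {entry.get('source')!r}")
        elif not hmac.compare_digest(_mac(key, entry), entry.get("mac", "")):
            problems.append(f"entry {seq}: MAC does not match the claimed source")
        expected_prev = _entry_hash(entry)  # chain onto the recomputed hash, not the stored one
    return not problems, problems

def build_sample_ledger():
    """Constructed history of one server board moving through the supply chain."""
    t = datetime(2024, 1, 10, 9, 0, tzinfo=timezone.utc)
    fw_digest = hashlib.sha256(b"constructed BMC firmware image").hexdigest()
    ledger = []
    append_entry(ledger, "board-fab", "mainboard-SN1001", "manufactured", {"revision": "1.2"}, t)
    append_entry(ledger, "firmware-vendor", "mainboard-SN1001", "bmc-firmware-flashed",
                 {"version": "3.4.1", "image_sha256": fw_digest}, t.replace(day=12))
    append_entry(ledger, "integrator", "mainboard-SN1001", "installed-in-chassis",
                 {"chassis": "CH-77"}, t.replace(day=15))
    return ledger

def tampered_ledger():
    """Someone later edits the stored firmware version: hash and chain no longer match."""
    ledger = copy.deepcopy(build_sample_ledger())
    ledger[1]["details"]["version"] = "3.4.0"
    return ledger

def forged_attribution_ledger():
    """An attacker appends a record claiming to be the integrator, without its key."""
    ledger = build_sample_ledger()
    append_entry(ledger, "integrator", "mainboard-SN1001", "rework", {"note": "replaced capacitor"},
                 datetime(2024, 1, 16, tzinfo=timezone.utc), key=b"attacker-key")
    return ledger

def authorised_malicious_ledger():
    """The limit of a ledger: a compromised supplier that records its change honestly passes.
    The ledger proves who recorded what, not that the change was benign."""
    ledger = build_sample_ledger()
    append_entry(ledger, "integrator", "mainboard-SN1001", "component-added",
                 {"part": "undocumented 6-pin package near BMC"}, datetime(2024, 1, 16, tzinfo=timezone.utc))
    return ledger

if __name__ == "__main__":
    for fn in (build_sample_ledger, tampered_ledger, forged_attribution_ledger, authorised_malicious_ledger):
        print(fn.__name__, verify_ledger(fn()))
```

Run as a script it prints the verification result for each of the four histories. Chaining on the recomputed hash rather than the stored one means an attacker who edits a record and rewrites its `hash` field to match still breaks the link from the next record, and still fails the MAC check for lack of the supplier's key. A permissioned ledger does the same job with real signatures and by replicating the chain across the participating organizations, so that no single party can quietly rewrite it.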
To sum it up, cybersecurity is the most crucial aspect of any supply chain: if the components and software flowing through it cannot be trusted, every other control built on top of them eventually becomes meaningless.