Cybersecurity issues continue to be front and center for many companies.
While many companies look internally for threats, they should also look further out and examine their supply chain. Supply chain attacks rose by 150% between 2016 and 2017, according to cybersecurity company Symantec.
Stuart Madnick, a professor of information technologies at MIT Sloan and founding director of Cybersecurity at MIT Sloan, offered advice on how companies can defend against attacks. In an article from the Sloan School of Management by Tom Relihan, Madnick points out that attacks come from a variety of sources and offers this advice:
Software service providers and outside contractors
Due to the installation of a single piece of accounting software in an office in Ukraine, A.P. Møller-Maersk saw global operations grind to a halt and thousands of company computers rendered completely useless.
Any firm that plans to partner with a contractor or service provider would be well-served by conducting a security audit of that partner prior to entering into a contract or allowing any work to happen, Madnick said. Organizations could create a framework for evaluating and scoring a potential partner’s security operations, or conduct “stress tests” on their networks. “You could then say, ‘We will only partner with software providers who are level eight or higher.’”
For the smallest of partners, like independent contractors who might not even have an IT or cybersecurity department, Madnick recommends they work with a consultancy to bring their defenses up to par prior to the partnership.
Madnick said a third potential supply chain cyberthreat could be baked into the supplies themselves, either in the form of hidden “backdoors” embedded in software to allow secret, remote access or through equipment outfitted with malicious hardware designed to steal information or hijack the system it’s part of.
The best way to prevent such attacks is to keep close tabs on your supply chain, with the goal of being able to determine the provenance of each component, so that you’d be able to identify any points of contact that could pose a risk.