Five reasons why the supply chain is the weakest link in your cybersecurity
Supply chains are important components of every organization’s global operations. Organizations share a wide variety of information with their suppliers, distributors, and vendors, and when information is shared, direct control is often lost. The recent Covid-19 pandemic has led to a surge in cyberattacks.
The latest report from supply chain company Resilience360 lists nearly 300 cybersecurity incidents impacting supply chain companies. According to Gartner’s Future of Supply Chain report, 2019, “Data security/IT incidents” was the top threat cited by 300 supply chain leaders when compared to other risks.
Image Source: Gartner
While cybersecurity is a major concern for all tech-enabled businesses, it is more so for the supply chain, where hand-offs happen from raw materials to delivery of a product or service. All the functional areas are potential touchpoints where cyber-attacks can happen.
As cyber-attacks increase, supply chain leaders must take adequate steps to address major vulnerabilities that can leave their organization exposed to operational disruptions, loss or theft of intellectual property, significant damage to brand reputation, and substantial penalties.
Let’s look at the top five reasons why the supply chain is the weakest link in your cybersecurity:
It is often not clear who is in charge of managing risk: In the supply chain, as many third-party vendors are involved, it is often not very clear who is in charge of cybersecurity as there is no fixed person or team responsible for managing it. Organizations must decide who owns third-party cybersecurity risk and must adopt an effective strategy to manage it.
“If it isn’t broken, don’t fix it” attitude: Many organizations adopt an “If it isn’t broken, don’t fix it” attitude towards cybersecurity. Most of them are not aware of their existing vulnerabilities.
They fail to understand the importance of including cybersecurity as a key item in their supply chain management. If hackers discover and exploit the vulnerability present in the system, it might either be too late or too costly to patch it. Organizations must extend risk mitigation beyond their enterprise to the complete supply chain.
It is not enough if you just protect your organization: Large organizations may have sufficient security tools and protection in place, but small business vendors and suppliers assume that they are not big enough to be considered a target for hackers. Therefore, they might not have the necessary staff with the expertise to apply updates or understand the risks involved.
Large organizations must realize the cybersecurity risks involved, establish necessary controls, check arrangements, and maintain a cycle of continuous improvement to ensure their supply chain is secure. They can no longer rely on simply protecting their organization; they must also look at their partners and suppliers and ensure that they have the right security measures.
Increasing threat from insiders: The CERT division’s National Insider Threat Center (NITC) has found that over 15% of insider threat incidents were perpetrated by someone known in the victim’s organization. Insiders misuse their authorized access to an organization’s critical assets.
Gruntled and disgruntled employees can, unintentionally or intentionally, cause great harm to an organization and its stakeholders. Insiders are aware of which assets are more critical and how they are protected by the organization, which makes the threat even more difficult to tackle.
Also, a significant number of executives fall victim to the belief that their organization’s workers would pose a threat. Policies and procedures associated with insider threat risk should be incorporated into the organization’s security framework including the supply chain.
Insecure cloud supply chain management solutions: Over the past few years, there has been an influx of cloud-based supply chain management solutions. But cloud services are generally built on top of third-party IaaS or PaaS products. These layered services may result in a complex situation of separation controls.
When an organization’s data is highly sensitive, the entire underlying stack of services has to be considered for any security assessment. Even though cloud-based solutions have multiple security systems, one has to take into account how each organization implements the tools it has at its disposal for data security.
How SECUDE’s HALOCAD helps you manage your data security in the supply chain
Many products promise to secure CAD files shared in worldwide process chains using proprietary encryption. However, when you have invested in Microsoft Office 365, you can leverage Microsoft Information Protection for your CAD files using a simple, cost-effective connector: HALOCAD.
SECURING CAD FILES STORED IN SAP
Companies using SAP as their main data hub manage CAD files in SAP KPro and ECTR. While data is secure within SAP, when a user accesses a file in SAP KPro, a copy of it is downloaded to the local cache that can be opened with the corresponding application. However, the file copy is unprotected.
SECUDE’s HALOCAD leverages MIP to encrypt CAD files. It is tightly integrated with MIP and fully supports the RMS implementation of Active Directory, Office 365, and Azure Active Directory.
ENABLING MIP FOR PTC CREO AND WINDCHILL
SECUDE’s HALOCAD enables PTC Creo and Windchill applications to use Microsoft Information Protection directly whenever the CAD files are checked out for editing or exported for sharing with partners. PTC Creo users will not notice any difference in the handling of CAD files but will act in a controlled environment due to the HALOCAD privilege enforcement.
ENABLING MIP FOR SIEMENS’ TEAMCENTER PLM DATA
SECUDE enables Siemens’ Teamcenter and NX/Solid Edge applications to use AIP to encrypt the data files along with security label and privilege enforcement. HALOCAD is seamlessly integrated with Teamcenter PLM with CAD, enabling the user to work transparently on the protected data files in the respective tools.
Similar to Siemens Teamcenter supporting multi-CAD systems, the HALOCAD plug-in also extends support for other CAD applications like AutoCAD, Inventor, Creo, Solidworks, and CATIA. This will add business value and strengthen Teamcenter multi-CAD integration using AIP.
ENABLING MIP FOR NON-SAP ENVIRONMENTS
Also, HALOCAD enables CAD applications to use MIP directly when SAP is not the CMS in the background. In this case, HALOCAD enables encryption of CAD files that includes MIP label handling and privilege enforcement. CAD users will not notice any difference in the handling of CAD files.
HALOCAD provides end-to-end protection of CAD files by seamlessly applying MIP templates to the CAD files at the moment of their creation.
At the time of file creation, the user’s valid credentials will invoke MIP labels from Azure which can be applied to the newly created CAD file. Protected files can only be opened and modified by authorized users and thus, protection continues to remain even when the file is accessed by multiple users. The user’s rights are governed by pre-established policies.