Protecting the Supply Chain in COVID-19
Supply chain cybersecurity is important at all times, but arguably even more so during the COVID-19 crisis. If a hack compromises the speedy delivery of vaccines, medical equipment, or drugs used to treat people suffering from the virus, everyone involved could face devastating consequences. Here are some proactive steps people can take to keep their sensitive supply chain data safe.
Understand and Address the Top Risks
Keeping the supply chain safe begins when people know where vulnerabilities exist. By recognizing the threats and taking them seriously, it’s easier to triage them and find the best ways to make improvements.
A recent study analyzed the top cybersecurity risks for supply chains. The results showed that 48% of companies left significant digital assets unprotected by web application firewalls, the biggest issue found. In addition, 40% of the businesses studied had severely vulnerable unpatched web servers.
Risks could also relate to specific products. For example, researchers warn that adversaries aimed to disrupt vaccine supply chains beginning in late 2020. Additionally, more recent evidence shows that their efforts persist. The researchers stop short of blaming a particular group. However, they say the work has hallmark signs of nation-state actors. The team also clarified that those involved have an acute understanding of the vaccine supply chain.
Hold Vendors to High Standards
Modern supply chains are significantly more extensive compared to earlier ones. A primary reason for that change is that specialists rely on a growing number of parties to help them meet their needs. It’s not enough to simply hope that third-party providers have sufficiently tight cybersecurity protocols.
Beau Woods, a senior advisor to the Cybersecurity and Infrastructure Security Agency, explained, “Companies and government agencies need to know who their software and hardware suppliers are, vet them, hold them to certain standards.” He continued by emphasizing that a screening approach is as applicable to private-sector companies as government-based ones.
Before finalizing a decision to work with a certain provider, representatives should explicitly ask the vendor to detail its cybersecurity practices and inquire whether any issues have occurred in the past. Additionally, some business leaders may require that vendors meet and continue adhering to particular cybersecurity standards or procedures for the duration of the relationship.
Apply a Continuous Monitoring Technique
An issue associated with insufficient supply chain security is that it may take too long for people to notice a problem. A hacker could access a system for weeks, using that time to steal data or prepare to lock it down and orchestrate a ransomware attack. However, continuous monitoring of supply chain data allows people to see and deal with potentially suspicious activity much sooner.
Chris Nissen, the director of asymmetric threat response and supply chain security at MITRE, advocates for that approach to keep supply chains safer. During a town-hall event about government security, Nissen explained how trust and continuous monitoring go hand-in-hand.
He clarified, “I think it’s a mistake to call something trusted unless you’re continuously monitoring it and the group that assigns trust is much broader than a handful of people that deduce whatever certification or that they need to do and say, ‘this is now clean,’ because that’s very attractive. Once something’s trusted, then they can activate a vulnerability that’s already there or really go after getting one in.”
Assess How Blockchain Could Help
Most people initially associated the blockchain with cryptocurrencies. It did gain prominence that way, but its applications are much broader. Most applicable to the topic here is that it can make supply chains more efficient and accurate by improving visibility between various authorized parties.
Some industries want to use the blockchain for better supply chain security, too. For example, two hospitals in the United Kingdom used distributed ledger technology to facilitate the COVID-19 vaccine rollout. Those entities combined the blockchain with smart temperature sensors that ensure vaccines stay cold enough. The system also creates a tamperproof record that only authorized parties can see, minimizing the chances of data misuse.
Providing an effective way to track each vaccine’s location is critical, especially with numerous ongoing cases of people attempting to steal or succeeding in seizing COVID-19 vaccines. However, it’s not just the physical vaccines that interest criminals. Some hackers want the technology behind them. More specifically, they have their sights set on the intellectual property that could allow unauthorized production if left unchecked. The blockchain is not foolproof, but it could cut down on such access attempts.
Apply Various Methods
People should keep in mind that no single method will stop every threat to supply chain data. Instead, the best approaches typically come about when those responsible for improving cybersecurity explore several ways to meet their goals.
How SECUDE’s HALOCORE & HALOCAD help protect your critical data in the complex supply chain
In a normal process chain, sensitive data from SAP systems (BOM, Accounts, Payroll, HR, and Finance, to name a few) is shared between employees, suppliers, vendors, and partners.
The shared data needs to be protected wherever it goes across the supply chain. HALOCORE extends the security templates provided by Microsoft Information Protection (MIP) by automatically applying sensitivity labels as mandated by the organization’s security policies and protects sensitive SAP data. The data is encrypted, and protection is enabled even if it gets into the wrong hands outside the organization.
Similarly, in manufacturing and design-intensive organizations, intellectual property in the form of CAD drawings, blueprints, schematics, and prototypes is shared internally between engineering and design teams, as well as with third-party vendors, suppliers, and partners.
HALOCAD provides end-to-end protection of CAD files by seamlessly applying MIP templates to the CAD files at the moment of their creation.
Protected files can be opened and modified only by authorized users within and outside the organization, as per the security policy enforcement defined in MIP. Thus, protection remains in place even when the file is accessed by multiple users across the supply chain.
This blog was written by an independent guest blogger.
About the Author: Devin Partida
Devin Partida is a cybersecurity and technology writer, as well as the Editor-in-Chief of the tech blog ReHack.com.