GUEST ESSAY: The many ways your supply chain is exposing your company to a cyber attack

GUEST ESSAY: The many ways your supply chain is exposing your company to a cyber attack
By Josel Lorenzo

It’s a scenario executives know too well.

Related: Third-party audits can hold valuable intel

You and your cybersecurity team do everything correctly to safeguard your infrastructure, yet the frightening alert still arrives that you’ve suffered a data breach.

It’s a maddening situation that occurs far more often than it should.

One of the main culprits for these incredibly frustrating attacks has not so much to do with how a team functions or the protocols a company employs, but instead, it’s a procurement issue that results from supply-chain shortcomings and the hard-to-detect vulnerabilities layered into a particular device.

“The same technologies that make supply chains faster and more effective also threaten their cybersecurity,” writes David Luki, a privacy, security, and compliance consultant. “Supply chains have vulnerabilities at touchpoints with manufacturers, suppliers, and other service providers.”

The inherent complexity of the supply chain for modern technology is a reason why so many cybercrime attempts have been successful. Before a device reaches the end user, multiple stakeholders have contributed to it or handled it. CPUs, GPUs, drives, network controllers, and peripherals can each originate at a different supplier.

Then there are firmware developers, transport agencies, testing facilities, and security evaluation agencies that handle the device before it is sent to the corporate client. From there, likely operations staff, audit staff, and IT department personnel handle the device before it finally makes its way into the hands of the intended operator.

This complexity can be compounded by the effects of world events lik ..

Support the originator by clicking the read the rest link below.