As world trade increases, embedding strong supply chain security into your service is of prime importance. Information security weaknesses have been responsible for many high profile data breaches in recent years as the ICT supply chain has become increasingly complex.
The likelihood of a product’s integrity being compromised when organisations or individuals “touch” a product has increased because of multiple tiers of outsourcing. Publicised attacks and vulnerabilities introduced via the product developers supply chain is an increasing concern that has manifested in proposed legislation and draft government regulations.
However, despite the growing concern, exacerbating the potential risks and mitigations within the ICT industry, product acquirers and government regulators is not widely shared. The threat of malware or integrity breaches which aim to tamper communications between the product developer and the consumer are high, and organisations need to be striving towards investing in stronger security systems to be put in place to ensure the successful delivery of their product.
According to Chris Gibson, Director of the UK computer emergency response team (Cert-UK), supply chain security is an important area of focus.
“We are very cognisant of the fact that the information security of suppliers is just as important as that of providers of critical infrastructure themselves.”
“We work a lot of cases that are deep down in the supply chain.”
According to Gibson, many of the cases that Cert-UK is involved in could have been prevented if the organisations involved had followed basic “cyber hygiene” principles.
“A recent incident involved poorly-configured SQL servers, but that is a security vulnerability we have known about for 20 years. Attackers are still finding and exploiting well-known vulnerabilities that we know how to fix.”
“Good cyber hygiene across the board would solve an awful lot of the problems we see and would kill a lot of the work I deal with.” [Source]
Supply chain security as a service would provide organisations with significant enhancements in their supply chain security and productivity. This would in effect optimise the credential inspections of participants involved within the logistics of their supply chain, and also provide a secure virtual environment for information to be accessed and exchanged.
Join us at our 2nd Govsec conference to be held on 29 September 2015 at the Hotel Russell in central London. To register your place to attend, please visit: https://whitehallmedia.co.uk/govsec/registration.
Author: Dan Myers