As OEMs create close ties across the supply chain, IT security becomes a critical business consideration.
"The supply chain is becoming more and more a top of mind focus in terms of security," said Steve Durbin, global vice president of the Information Security Forum (ISF). "One of the most challenging aspects is that, irrespective of who you might be, you are working with partners outside your normal jurisdiction."
The supply chain is becoming increasingly complex, with more suppliers and additional requirements around regulation and certification. Meanwhile, each department (from procurement to accounting) has its own lens and its own concerns. Security gets lost in the fray. For example, procurement, which is focused on driving down price and achieving on-time delivery, may focus on big-ticket buys, and be less likely to be concerned about POs that may contain customer and product information targeted by cybercriminals, Durbin said.
With limited resources, though, organizations have to take a targeted approach to where to start implementing a security mandate. Here are the few steps:
- Identify products and vendors that would have the greatest impact on the supply chain if something goes wrong. "Don't try to do everything at once," said Durbin. "Nail down the critical things first."
- Understand how third parties are using your data. Ask questions about how data is being used, stored, and manipulated. This will help you spot areas where you might be responsible for a data breach. "Today, there are many systems and tools that allow you to take different data points and put them together in different ways," said Durbin. "Communication, transparency, openness, and awareness are key."
- Raise security awareness in the organization and with suppliers. "There are some really basic fundamentals we have to face up to: cybercrime is on the increase, criminals have figured out to collaborate very well, state-sponsored theft is on the rise, and at the same time we have global supply chains that will remain global," Durbin explained. Regular and ongoing training, and regular reminders, as well as a clearly articulated security policy are good places to start.
Especially as cloud services, virtual machines, and the use of mobile devices add exponentially more points of entry to the average organization, security is critical. We'll be exploring this hot topic on Tuesday, December 10 at 1:00 p.m. EST (10:00 a.m. PST). We've invited Mr. Durbin to be our guest as we tackle how to mitigate risk in the supply chain. Join us in the EBN chat room and bring a friend!