This dialogue occurred on Wednesday, November 12, at 2:00 p.m. EST.

The number of cyberattacks is on the rise and hackers are targeting the supply chain. Drew Smith, founder and CEO of InfoArmor, will be on hand to discuss the reality of today's threat landscape and what to do about it.

And if anyone wants to learn more about Drew and his organization, take a look here: http://infoarmor.com/about-us/

User Rank   Blogger

Great material!

User Rank   Stock Keeper

Thank you all, EBNers. I appreciate the great questions! I'm sure we'll continue to explore this in depth!

User Rank   Blogger

I hope the information was useful.

User Rank   Stock Keeper

@trandall, in the electronics world, I'd argue that small organizations often are the innovators and so would have valuable IP--and a lot less resources to protect them. Couple that with the reality that there are simply more of them...I'd have to argue that small organizations are more at risk but large companies have a higher profile.

User Rank   Blogger

Thank you.  I'm always happy to participate.

User Rank   Stock Keeper

Thank you for being our guest today...this has been a really useful conversation. A little daunting...but useful. :) I hope you'll come again!

User Rank   Blogger

@trandall Not necessarily.  It depends where the opportunity lies.  Target was breached due to one of their HVAC vendors.  Not a large company at all, yet it impacted millions of consumers.

User Rank   Stock Keeper

@hailey We really don't know yet what that means for organizations.  We just need to stay focused on emerging threats so we will hopefully be able to stay just ahead of the ever-increasing sophistication of global bad actors.

User Rank   Stock Keeper

ALL...on the question of the future will large organizations be at the most risk?

User Rank   Stock Keeper

@hailey The future...more and more devices available on the public Internet exponentially increase the attack surface. 

User Rank   Stock Keeper

@hailey  Absolutely. We know for a fact that USB sticks have contained malware placed on them during manufacture.  It is not at all unimaginable to envision this impacting all types of consumer goods.

User Rank   Stock Keeper

So we're hitting the 40-minute mark. Let's take a look at the future. What do you see on the horizon? How will the threat landscape evolve? How will organizations need to evolve to meet those changes? (I know these are huge questions! :) )

User Rank   Blogger

@Drew, I talked to one pen tester who dropped a handful of USB drives in the parking lot of the DOD (Department of Defense) and at least four people picked them up and plugged them in. I bet those people left feeling kind of bad... but it was a potent lesson. I do think that you want people to feel good about making a report though.

User Rank   Blogger

@hailey All companies are targets every day.  We see targeted threats directed at InfoArmor just like any other organization that monitors it.  Good question.

User Rank   Stock Keeper

@trandall This does not appear to be the case.  As more and more data is available, the opportunity is only growing...exponentially.

User Rank   Stock Keeper

Do you think there are threats at the back end of the manufacturing chain? It was suggested to me that malware, for example, might get loaded onto consumer electronics products during manufacturing by a hacker that got into the system. That would be a terrible black eye for an electronics company.

User Rank   Blogger

@hailey We've tried the war game approach and it can be an interesting part of ongoing training.  Unfortunately, it can be like standing with a carrot in one hand and a bat in the other.  We want people to be willing to admit concerns or possible incidents, not hide them.  If you are testing your vendors, you need a predefined agreement to do so.  I would suggest the same with employees.

User Rank   Stock Keeper

@trandalick, exactly. small data being morphed into big data.

User Rank   Blogger

@Drew, has your company ever been targeted that you know of? I know some cyberthieves think it's a feather in the cap to hit a security company.

User Rank   Blogger

@Hailey, so this eventually becomes a Big Data issue as opposed to individual accounts?

User Rank   Stock Keeper

@alison You need complete company-wide buy-in to a security framework (for example ISO 27001).  You also need one person responsible...a CSO, CTO, CEO or data steward.  Whether or not you need external resources is dependent upon the type of exposure/risk you have and size/complexity of the organization.

User Rank   Stock Keeper

@trandalick, I think the focus will be on combining data streams to create something even more valuable. Those hackers are getting smarter every day. :)

User Rank   Blogger

That corner office support really is critical.

User Rank   Blogger

@ALL...with data so prevalent will there actually be a decline in its utility and value for cyberthieves?

User Rank   Stock Keeper

I've heard that some companies test their vendors and employees...sort of a war games approach. Do you think that's helpful? Can the average organization manage it?

User Rank   Blogger

Thanks! I've been lurking!

User Rank   Inventory Controller

At InfoArmor, our data security team is the largest one in the company...as everyone is on it!

User Rank   Stock Keeper

@Alison, welcome to the conversational fray! Glad you could make it.

 

User Rank   Blogger

@kdawson Data security training needs to be ongoing and compelling, yet not an impediment to daily operations.   It also needs to be easy to understand and practical.  Signing an annual policy statement after a one hour review is not good enough.  One walks a fine line, but its importance needs to come from the top.

User Rank   Stock Keeper

Is this so complex a problem that companies need to get outside help? What should they be looking for? Pen testers? trainers? IT experts?

User Rank   Inventory Controller

@drew, I think too it ought to be language added to every job description and perhaps mentioned regularly at meetings--too often awareness just fades into the background. Which brings us to Kdawson's question about training.

User Rank   Blogger

@Drew, I posted my question before I saw yours! Great minds eh?  You get to take home the virtual guacamole. :)

User Rank   Blogger

@hailey  If it is not already, it needs to be added.  That is...language to address data security.

User Rank   Stock Keeper

@trandallck, it seems to me that SC systems are closely integrated into the general enterprise. If hackers get access to one area it can spread. The hackers just follow the money right?

User Rank   Blogger

Got a question about training. People are often the biggest problem in cybersecurity. How do you get employees and supplier employees to really understand the threat to the point that they actually adhere to the systems in place, the procedures? Too often people try to get around them.

User Rank   Stock Keeper

Do you think information security is currently part of the average vendor/supplier agreement? Would adding language around corporate data security and incident response policy to this kind of agreement? Would it raise awareness? Compliance? What do you think?

User Rank   Blogger

@jimc  That's a million dollar question.  Many times a firm finds out about an incident far too late.  The key is putting SLAs into contracts from the beginning to make sure security concerns are shared as quickly as other issues.  We recommend incident management practices are developed before they are needed.

User Rank   Stock Keeper

@ALL...is there any correlation between Enterprise System supply chain breaches and non Enterprise Systems?

User Rank   Stock Keeper

@Drew and on the supply chain side, supply chain management, e-procurement and other apps, especially those in the warehouse and manufacturing floor often use mobile devices. That's only going to get more pervasive.

User Rank   Blogger

Are suppliers and their regular customers open enough with each other about sharing information on their security strategies? About actual breaches?

User Rank   Stock Keeper

@hailey  Another good point.  BYOD (bring your own device), especially in the smart phone arena, can be challenging for a company to monitor.  One has to weigh cost and convenience against greater security risk.  The next frontier is cybercriminals focusing on our mobile devices.

User Rank   Stock Keeper

@Hailey, that is interesting on the $ perspective for identifying threats

User Rank   Stock Keeper

On the technology side, too, you have hardware, software, firmware all providing points of entry. Networks, mobile devices, etc. Are there technology areas that often get overlooked?

User Rank   Blogger

@hailey Audits are a good place to start.  A good one includes risk and gap assessments followed by clear remediation efforts. Annual is the absolute minimum!

User Rank   Stock Keeper

@hailey It is a lot like a 7 layer dip (keeping that virtual chips and salsa analogy going)...if the refried beans are breached, the guacamole often follows.  Multi-layer means technology, training, procedures, audits and monitoring support one another.  You are only as strong as your weakest link.

User Rank   Stock Keeper

Do all supply chain breaches ultimately impact the individual? I.E. higher costs or stolen accounts emails?

User Rank   Stock Keeper

One of our early bird users asked about audits--any specific advice on what should be included in a good audit or tips on how it should be done?

User Rank   Blogger

@Tim, I talked to a guy the other day who argued vehemently against the dollar valuation approach. He had an example where the unavailability of a $2 part cost the company millions. I wonder if there is a cyberthreat equivalent. Perhaps the biggest dollar suppliers aren't necessarily the ones that would give a bad actor a door into the organization.

User Rank   Blogger

@jimc   Data breaches are a reality.  It is no longer if, but when.  The stance a company takes regarding breaches within its supply chain is largely going to be dictated by how sensitive they deem the data impacted.  The risk to consumers is nothing (they are made whole)  relative to a business.

User Rank   Stock Keeper

We talk a lot about the need for "layered protection". What does that realistically mean today?

User Rank   Blogger

@hailey  The focus should be on mission critical information.  That really depends upon the organization.  For some, it might be product plans, for others pricing or cost data.

User Rank   Stock Keeper

BTW: another great research resource is the Verizon Data Breach report: http://www.verizonenterprise.com/DBIR/2014/

User Rank   Blogger

On the triage point, is there simply a dollar value that can be assigned?

User Rank   Stock Keeper

@Drew. Actually, after I posted my question I was on another window and saw an ISACA press release saying that even with all the attention to consumer-side breaches, consumers aren't changing their shopping habits. Maybe they are just so beaten down by the break-ins that they don't care any more. Could the same thing happen in the supply chain?

User Rank   Stock Keeper

@hailey  Setting up a framework is only the beginning of the marathon.  The key is ongoing, real time monitoring.  Depending upon annual audits and self-assessments is simply not enough.

User Rank   Stock Keeper

Plus a lot of the threats are under the radar--with the newest malware, it is designed to go in, siphon off information for as long as possible, and with the really sophisticated programs to remove itself later or when it is detected. I've heard that problems can go on for months and years with the organization not even realizing it!

 

User Rank   Blogger

JIMC, consumer facing is an excellent point. Production and transportation are not as newsworthy like say a Home Depot

User Rank   Stock Keeper

I know with risk management in general there has to be a triage process about which threats are most compelling. The same seems to be true with cybersecurity. Limited budgets and time and all that. How should organizations go about figuring out which suppliers and which systems to focus on?

User Rank   Blogger

@jimc Absolutely.  Just because it isn't newsworthy, doesn't mean it's not happening.

User Rank   Stock Keeper

@Drew, and once you have the framework in place, how do you manage the task of ensuring that partners are adhering to it and doing appropriate training?

User Rank   Blogger

@hailey Bad actors (i.e. hackers) are interested in any data they can monetize...PII, healthcare, IP, pricing information, etc.

 

User Rank   Stock Keeper

In research released in 2013, the Information Security Forum (ISF) found that, "of all the supply chain risks, information risk is the least well managed," and that, "forty percent of the data-security breaches experienced by organizations arise from attacks on their suppliers."

User Rank   Blogger

That's a great point and one of the larger problems facing companies with a broad, global reach.  The key is being proactive when it comes to data security and adapting to a security  framework that addresses both internal and external threats.

User Rank   Stock Keeper

Well, there's the "Advanced Persistent Threat," that one is pretty well known. And identified. And denied by China.

User Rank   Stock Keeper

Drew, do companies in the middle of the supply not get the attention when it comes to breaches simply because they aren't "consumer-facing"?

User Rank   Stock Keeper

Are there particular data types that hackers are targeting? Is the profile of the hacker evolving?

User Rank   Blogger

Drew, with the supply chain so diverse globally how can firms adequately prepare for the differences in protocols across their partners?

User Rank   Stock Keeper

Unfortunately, these threats are all too real.  And yes, all companies need to be concerned, especially when they are in the business of sharing data with their vendor ecosystem.

 

User Rank   Stock Keeper

Hi Drew. You are right on time! Thanks so much for stopping by to talk about this important topic. Let's get started with getting the lay of the land: Are these threats real? Do electronics companies have to be particularly concerned?

User Rank   Blogger

That is great, I will definitely look at it.

User Rank   Stock Keeper

Good afternoon.  This is Drew Smith, CEO and founder of InfoArmor.  I look forward to our discussion.  And thank you Hailey.  Data security is near and dear to my heart.

User Rank   Stock Keeper

Hi, Jim... thanks for stopping by. Pull up a chair. Can I offer you refreshment? We've got guacamole and red/white/blue corn tortilla chips.

User Rank   Blogger

Hi, Hailey

User Rank   Stock Keeper

@tim, PWC came out recently with an in-depth report on this topic. You can find it here: http://www.pwc.com/en_US/us/increasing-it-effectiveness/publications/assets/2014-us-state-of-cybercrime.pdf

User Rank   Blogger

We'll be starting in about five minutes

 

User Rank   Blogger

Hi Tim, so glad you could make it! Feel free to throw questions or thoughts out--or just enjoy the guacamole!

User Rank   Blogger

Hi KDawson. Glad you could make it! Pull up a chair. Guacamole and chips are on the table to your right. (Red, white and blue in honor of the just-passed Veterans Day in the US)

User Rank   Blogger

Good afternoon, Tim Randall from Cramer-Krasselt. Hoping for a great dialogue!

I am interested in hearing the size of the problem and its reach.

User Rank   Stock Keeper

Mmm guacamole.

User Rank   Stock Keeper

As you arrive, please introduce yourself so we can offer words of welcome, and offer you a seat as well as a bit of EBN's famous virtual guacamole and chips.

User Rank   Blogger

Questions, theories, ideas, real world experiences and even friendly rants are welcome here.

User Rank   Blogger

Second, if you have problems posting, we suggest trying a different browser.  IE9 is a popular choice, but we sometimes find Firefox, Chrome, or Safari work better.

User Rank   Blogger

This will be a fun, fast, and friendly conversation, so please do not hold back with your comments or questions.  There are no dumb questions and we value everyone's point of view.

User Rank   Blogger

First, please make a copy of your post before hitting the "post" button – just in case.  If the system "eats" one of your carefully crafted thoughts, please hit "Ctrl-Z" to recover it.

 

User Rank   Blogger

We should be getting started at 2PM PST sharp, as soon as our guests arrive.  First, though, there are two housekeeping notes:

User Rank   Blogger

I'm glad to see the conversation has already begun! This is clearly a hot topic.

User Rank   Blogger

And if having Apple products never, ever, download anything from third party stores. The only way to keep your devices safe is downloading your apps from the AppleStore.

User Rank   Blogger

Indeed, Jacob, security and privacy always begin with the user. In the same way you lock your door for your home's security otherwise any stranger can come into your private space, you need to protect your devices from anyone entering into the system without authorization. Having the latest possible equipment as well as the latest upgraded software and being extra careful where you download your applications from are of paramount importance.

User Rank   Blogger

Security is with the user. They have to maintain the system well with frequent security updates and new protecting methods. Security auditing is the best way to identify such loopholes and they have to conduct such audits once in 6 months to measure the vulnerability.

User Rank   Supply Network Guru

Early bird

User Rank   Supply Network Guru

Hi All

User Rank   Supply Network Guru