
Live Chat 11/12: Secure the Supply Chain From Hackers

The list of highly visible companies that are hitting the headlines for having fallen to cyber attacks grows daily: Target, Home Depot, JPMorgan, Apple, and even the United States Post Office. OEMs and their supply chains are being targeted as well. The only difference is that it hasn't hit the headlines yet.

“The challenge when you look at supply chains, with so much data being transferred back and forth, you always have to be looking for the Trojan horse that is being used to get in and wreak havoc,” said Drew Smith, founder and CEO at InfoArmor, which sells corporate data, identity, and privacy protection services, in an interview with EBN. “The way that breaches for data incidences occur in the supply chain arena means that they are less newsworthy and can go undetected longer.”

In the electronics industry, OEMs, CMs, and component makers make lucrative targets for bad actors that range from hackers doing governmental espionage to cyber criminals selling their abilities as a do-it-yourself hacker service. “Unfortunately, many organizations have the mentality that it can never happen to them,” said Smith.

However, if a breach does occur, the potential costs are huge. Far-reaching consequences include loss of proprietary and confidential information, harm to the corporate brand, systems disruption, loss of revenue, and loss of customers, according to PricewaterhouseCoopers' “2014 US State of Cybercrime Survey.”

Most supply chain execs are aware of the issue but don't know what to do about it. “Organizations are stifled by security anxiety,” Mike Kirschner, vice president of sales at InfoArmor, told EBN. “No matter how much money they throw at the problem, the question always remains: Has it been enough?”

As with any risk analysis, supply chain organizations need to consider their risk tolerance and work toward doing enough to mitigate the risk. “Identify critical paths that represent the highest risk,” said Kirschner. “There are limited resources in every organization, and there has to be a prioritization process.”

Further, a multilayered approach that includes technology, people, and processes is critical, said Kirschner. “Then there's pen testing, security assessment, and constant evaluations.”

As with any IT decision, organizations must consider whether to take a make-it or buy-it approach. “You have this tradeoff between simplicity, between buying pre-packaged packages or moving to cloud-based services versus building it yourself and the investment it takes to build it and put it in place,” Kirschner told us.

Further, organizations need to take a continuous improvement approach. “It's really a marathon, not a sprint,” said Smith. “So many folks want to complete the project and check the box.”

We'll be chatting live with Drew Smith about the reality of today's threat landscape and what supply chain organizations can do about it. Join us on Wednesday, November 12, at 2:00 p.m. EST / 11:00 a.m. PST in the EBN chat area. Come by with questions, comments, and thoughts about cyber security as we tackle this increasingly critical topic.

— Hailey Lynne McKeefry, Editor in Chief, EBN

9 comments on “Live Chat 11/12: Secure the Supply Chain From Hackers”

  1. Daniel
    November 12, 2014

    “As with any IT decision, organizations must consider whether to take a make-it or buy-it approach. “You have this tradeoff between simplicity, between buying pre-packaged packages or moving to cloud-based services versus building it yourself and the investment it takes to build it and put it in place,” Kirschner told us.”

    Hailey, security is always in the user's hands. They have to maintain the system well with frequent security updates and new protecting methods. Security auditing is the best way to identify such loopholes and they have to conduct such audits once in 6 months to measure the vulnerability.

  2. InfoArmor
    November 12, 2014

    @Jacob We certainly agree that security is most effective when using a layered approach, including audits. We recommend that security and supply chain professionals do not rely SOLELY on self-reported audits and security questionnaires. We actually provide a solution, called VSM, that proactively monitors for security incidents with your vendors and companies in your supply chain.

    I hope you will join us for the live chat today so we can talk about it more!

  3. Daniel
    November 13, 2014

    “We actually provide a solution, called VSM, that proactively monitors for security incidents with your vendors and companies in your supply chain.”

    InfoArmor, what's this VSM? Is it a security tool or software or something else?

  4. InfoArmor
    November 13, 2014

    @Jacob Thanks for your participation at the chat yesterday!

    Yes, VSM is a security solution that enables customers to proactively monitor their vendors and the participants in their supply chain for ongoing security incidents as well as a historic lookup of past security incidents. You can learn more on our website: infoarmor dot com/products-services/corporate-credential-security/.

  5. Daniel
    November 14, 2014

    “VSM is a security solution that enables customers to proactively monitor their vendors and the participants in their supply chain for ongoing security incidents as well as a historic lookup of past security incidents. You can learn more on our website: infoarmor dot com/products-services/corporate-credential-security/.”

    infoArmor, thanks for this clarification and link. Sure, I will.

  6. Ashu001
    November 22, 2014

    InfoArmor,

    I unfortunately missed the Livechat but must say I learnt a lot from your discussions there!

    Good to see your range of products for safeguarding the Supply Chain effectively.

  7. Ashu001
    November 22, 2014

    Hailey,

    When Drew Smith says the following-

    “The challenge when you look at supply chains, with so much data being transferred back and forth, you always have to be looking for the Trojan horse that is being used to get in and wreak havoc,” 


    He's absolutely right and on the Ball here.

    I have a feeling that simply adding more and more encryption tunnels alone is not going to solve the problem alone - when you have so many encryption schemes getting broken happily in the last year or so (Remember Shellshock? What about Poodle? What about Heartbleed?)

    You have to be on your toes or have a consultant who is always on his/her toes to solve this issue every single day, every single time.

    Anything less is disaster.

    Regards

    Ashish.

  8. ahdand
    November 23, 2014

    @tech4people: Well SCM can do wonders if you get the business process and the configuration rightly mapped. That will take some doing but if you target your future yes surely you will have to 

  9. Ashu001
    November 23, 2014

    Nimantha,

    Well Said!

    The Big Problem/issue as I see it is that in a time of Declining CAPEX Globally we are dealing with just keeping the Lights on more often than not.

    Innovation? It's important but not more important than putting Bread on the table; if you know what I mean.
