__________________________________________________________________________________________________
Cybersecurity stringent cybersecurity standards and transparent incident reporting, to continue operating and avoid penalties.
Tools for threat detection and digital due diligence
The tools supply chain companies use to detect cyber threats and perform due diligence vary from one to the next. However, many will use the following standards as part of a robust cybersecurity policy:
■ Intrusion Detection and Prevention Systems( IDS / IPS), which monitor networks for suspicious activity, protecting endpoints from malicious code and direct attacks
■ Third-party risk management systems, which are designed to continuously monitor third-party vendor security practices and to alert central users to potential risks and weaknesses
■ Threat intelligence platforms, which offer guidance on the latest security risks and on how a user company’ s posture matches up against said threats
■ Mapping solutions, which offer companies a top-down view into supply chain interconnections, supporting a betterinformed understanding of which vendors are likely to impact individual security
Embedding cybersecurity into culture
Cybersecurity isn’ t just a tick-box exercise that falls at the IT department’ s door. It’ s an ever-evolving practice that should be embedded into company culture, shared between parties and vendors to better fortify chains as threats become more sophisticated and aggressive.
Evaluating the security consequences of adopting emerging technologies and implementing suitable measures to safeguard against emerging threats can help prevent the cybersecurity challenges associated with innovative technologies
For example, simply promoting cybersecurity awareness and offering regular training at all levels of a business – and across all wings, from procurement to partner operations – is a must.
Fostering a strong cybersecurity culture isn’ t something that can be achieved overnight, but sewing in simple practices such as running risk assessments at every decision-making stage and adopting a zero-trust stance on all communications can be a useful first step in the right direction.
Securing the chain from end to end
A truly secure supply chain firm is one that looks carefully, even holistically, at how its data and operations may come under threat from all angles. That includes ensuring its own data handling practices are robust, while taking care to assess and eliminate risks posed by third parties.
Supply chain firms must also take time to minimize cybersecurity risks by fostering more security-focused cultures, and to see protective and assessment measures as integral to the smooth functioning of the broader chain.
Unfortunately, there is no outrunning cybersecurity threats at any point of a supply chain, but there are ways to minimize risk as much as possible. ■
Michael Aminzade www. vikingcloud. com
With more than 26 years of experience within cyber, information security, and compliance industries. Michael Aminzade is Vice President of Managed Compliance Services at VikingCloud. His experience covers the full spectrum, from internal information security where he has been the CISO for a large global service provider to running large global consulting teams.
scw-mag. com 21