How important is Cyber Supply Chain Management?

Due to the complexity of today’s globally functioning supply chains, identifying and avoiding cyber-related supply chain risks is becoming more and more challenging. To add to the challenge, the cyber security of an organizations’ supply chain is no longer exclusively dependent on the prevention of system breaches, crashes or cyberattacks. Sophisticated attackers are willing to use any means necessary to gain access to sensitive data, and third-party suppliers and vendors may have fewer security controls in place than your organization, making them an easier target for an initial attack. Once breached, attackers can leverage these vendors’ access as an ingress point into their ultimate target, your organizations crown jewels.

“The supply chain stuff is really tricky.”
~Elon Musk, CEO of Tesla and SpaceX

Key Cyber Supply Chain risks

Cyber supply chain risk covers a lot of territory. According to NIST, the key cyber supply chain risks are:

  • Third party service providers or vendors – from janitorial services to software engineering — with physical or virtual access to information systems, software code, or IP.
  • Poor information security practices by lower-tier suppliers.
  • Compromised software or hardware purchased from suppliers.
  • Software security vulnerabilities in supply chain management or supplier systems.
  • Counterfeit hardware or hardware with embedded malware.
  • Encrypting your company’s laptops and other mobile devices.
  • Third party data storage or data aggregators.

In order to address cyber related supply chain risks, organizations must have strategies in place to actively and preemptively address cybersecurity in and along the entire value chain.

 

TBG approach to Cyber Supply Chain Management

At TBG Security we take a methodical approach to assessing your cyber supply chain, creating an effective supply chain management program and reducing your cyber supply chain risk.
approach to cyber supply chain management

 

Why TBG Security

  • Decades of experience in cybersecurity risk management
  • Trusted Advisors providing world-class information security consultancy to Fortune 1000 companies
  • Experts in regulatory compliance such as PCI, HIPAA, ISO, GDPR, NIST and more
  • Fully independent and expert advice
  • We are product agnostic and consulting services are our coreservices
  • Customers include hedge funds, investment firms, health services, retail, start-ups, cloud services and more
 

Get In Touch

For more information or if you have a specific question, we’re here to help.

Contact us