Best Practices to Protect Supply Chains
With the rapid adoption of cloud computing and the Internet of Things (IoT), the supply chain has many new entry points and attack surfaces for cybercriminals to infiltrate. Implementing these best practices help manufacturers continue to innovate, create new products and services, and increase profitability, while maintaining a competitive edge.
1. Establish collaboration and education across the organization. Security must be built into every process, product, and experience across the supply chain, which is why establishing collaboration between IT and business leaders is a vital first step.
Business leaders need to work with IT leaders to understand that protecting supply chain data is vital to business continuity. This collaboration starts with all business leaders having the knowledge and understanding of potential cyberattack scenarios.
Gone are the days of "this is an IT problem." It's every business leader's problem to solve. With the security challenges of 2020, cybersecurity moved from a technical issue to a business enabler, a shift that will continue to build out this collaboration between IT and business leaders.
There is also growing recognition that IT and Operational Technology (OT) teams must converge in order to determine the balance of priorities between the two and successfully protect the data that can be exploited on IoT devices. Visibility across all types of connected devices—OT, IT, and IoT devices—is important. Digital transformation and the need for business agility create increasing co-dependence between IT and OT. The main result, from a cybersecurity perspective, is a greatly expanded attack surface.
2. Develop an internal shared responsibility model. Employees, customers, and supply chain partners must understand that their physical and digital assets are all targets for cyberattacks. From there, they can understand their role and shared responsibility to help protect those assets.
A good use case to explain this shared responsibility model is through the roll-out of 5G technologies. 5G is revolutionary, but much like the early days of public cloud adoption, a shared security responsibility model is needed to help identify where the lines and responsibilities are from the network provider to the assets the business puts on the network and owns.
From a similar viewpoint, it's important to define the lines and ownership between your security team's responsibilities and those of your employees, partners, and customers, to help reduce the risk of introducing vulnerabilities into your supply chain—especially when connecting new IoT devices. Everyone working together to protect the business ultimately heightens the security of the supply chain as a whole.
3. Implement Zero Trust principles. Adversaries find IoT devices within the manufacturing industry an attractive entry point into the network. The data that can be exploited from one of these devices is extremely sensitive, threatening critical infrastructures along with consumer health and safety.
Companies that have implemented Zero Trust principles have adopted the idea that there is no trust granted to assets based solely on their physical or network location (i.e., local area networks versus the internet) or based on asset ownership—enterprise or personally owned.
Manufacturers implementing the Zero Trust framework can identify supply chain weaknesses across product creation, manufacturing, testing, and delivery—without the need for disruptions that ultimately can halt operations.
Through collaboration, a shared responsibility model, and Zero Trust principles, supply chains will strengthen as security improves.