Logility Supply Chain Solutions Inc.

10/17/2024 | Press release | Distributed by Public on 10/17/2024 14:54

10 Essential Steps to Enhance Your Supply Chain Cyber Security

October 17, 2024

With triple extortion scams on the rise, organizations need to use a layered defense model to get ahead of cyber security risks. In a keynote session at LogiCon24, one of the speakers, Rachel Wilson, spoke in detail on tactics for supply chain cyber security risk mitigation. Here are 10 tips for avoiding and managing cyber-attacks.

  • Patch & Update Devices: Software manufacturers are constantly discovering new flaws, bugs, and weaknesses in their code. They fix those vulnerabilities by issuing patches to consumers. It is crucial to apply each patch quickly and comprehensively because, once that patch is released, the team behind the software is in a race with hackers.
  • Backup Data & Systems: Use a 3-2-1 strategy to back up data. Have 3 copies of your data, in 2 geographically dispersed locations, and 1 location off of your network.
  • Move to cloud-based software: Take advantage of natively available security resources in cloud-based systems and processes, such as strong encryption, entitlements and access management, delegated access, and strong authorization. Cloud-based software can also allow users to choose to automatically run backups and patch updates.

"Ransomware has caused $20 billion in losses in just the last year. And are on track to see record losses in 2024." - Rachel Wilson, Director of Cybersecurity, Morgan Stanley Wealth Management

  • Audit Backup Process: Oftentimes companies think their data is backed up, only to find out that the person responsible no longer works there and no documentation exists to show how to restore their backups. Companies must regularly rehearse what they would do in the event of a supply chain cyber security attack.
  • Test Response Strategies: Recognize that everyone in your C-Suite, leadership, and legal department will have a crucial role to play in deciding how to recover essential data after a supply chain cyber security attack, deciding whether to pay a ransom, and how to communicate a data breach to employees and to customers.
  • Never pay the ransom: The reality is that it's not a question of whether cyber-attacks will happen, it's a question of when. When that does happen, you'll want to do anything to restore your data. Hackers know this and rely on your intense desperation to save your business. Remember that paying the ransom will signal to hackers that you are someone willing to pay whatever is necessary and set you up as a future target.
  • Training & Responsibility: Historically, people have considered data protection primarily an IT function. However, operational systems and operations teams need to be deeply invested in the cybersecurity of the firms they support, which is existential to protecting those entities. More and more companies are working to shore up controls, making sure that there are shared incentives, processes, and accountability, so that operational systems and the IT systems that underpin them are treated holistically, end to end, when it comes to cybersecurity. Implement cybersecurity training across your entire team at least once a year.
  • Sophisticated Password Management: Password manager applications are designed to help create unique, complex passwords. They store them for you in a secure cloud and autofill them when you need access. Do not store your passwords in a random note on your phone or computer.
  • Balance 3 Pillars of Security: Confidentiality, Integrity, Availability. Too often in the past, availability was the main focus for businesses, and they were trading long-term resiliency for current availability by potentially shortchanging confidentiality and integrity.
  • Develop Third Party Risk Management: This could involve going through multiple teams, extensive onboarding, on-site visits, due diligence questionnaires, SOC 2 reports, etc. All of that comes into play to make sure that your third parties are meeting your cybersecurity and data protection standards, just as you are.

Hackers count on vulnerabilities of human behavior, phishing emails, and social engineering. They also count on you to be unprepared. Take these tips and get started with revamping your supply chain cyber security today. Do you need to see more? Check out the on-demand keynote session: "The Cyber Security Conundrum".
