Top tips is a weekly column where we highlight what’s trending in the tech world today and list ways to explore these trends. This week, we’re looking at some of the cybersecurity strategies for supply chains.
Cyberattacks have been increasing, and supply chains have taken a hit. In 2022, the United States witnessed a surge in supply chain cyberattacks, which affected 1,743 entities—the highest reported figure since 2017. The number of impacted entities has experienced a remarkable year-over-year increase of around 235%.
In the past few years, there have been some impactful supply chain attacks. One such incident was the 2020 SolarWinds cyberattack. The supply chain breach occurred on the Orion Platform, SolarWinds’ network management software. The breach compromised the data, networks, and systems of thousands of entities, including government organizations. The number of affected organizations was so large because the hack did not just expose SolarWinds users but also the data of the users’ customers and partners as well. So the number of victims grew exponentially from there. To date, this stands as one of the largest supply chain attacks to ever occur.
What we can learn from this infamous, massive cyberattack is that organizations have targets on their backs, and the only way to safeguard against these evolving threats is to formulate robust cybersecurity strategies.
Let’s discuss a few of the strategies that can effectively safeguard the supply chain of an organization.
1. Least privilege access
What’s the use of the marketing team having access to the manufacturing pipeline? None. There can be many instances of irrelevant, unnecessary access within an organization, but it is a good practice to give each user access to only the resources they absolutely need.
Within an organization, there are multiple levels of access to resources, and sometimes they are provided without clear intentions. When there are no guidelines set for the access levels in an organization, it leaves room for misuse of access, either accidentally or intentionally.
The principle of least privilege is one of the central tenets of Zero Trust architecture, and for good reason. By restricting users’ access according to their roles and responsibilities, potential threats can be effectively contained.
Access given to individuals must be logged and periodically reviewed for relevance, and the approval process for all access within the organization must be well-defined. These steps prevent individuals from unnecessarily accessing information that they don’t require, keeping access to data and the network relatively controlled.
2. Network segmentation
Compartmentalize your network to contain any hack that might occur in your supply chain. Even though we must strive to prevent network hacking at any cost, we must also consider the possibility of a supply chain hack and look for ways to contain one in case it happens. To avoid a process shutdown, segment your network; this makes it hard for a hacker to pass through the network.
On what basis should you segment your network? Segment your network based on the purposes and trust levels of the devices connected to the network. For instance, the production, sales, transportation, and research departments could each have separate networks, with restricted access given for the devices connected to these networks based on the requirements.
3. Software composition analysis
While it’s okay to use third-party codes in your supply chain processes, it’s important to monitor the codes and scan for vulnerabilities. Third-party codes can help you solve your problems quickly; however, while using the codes, you’re also at risk of adopting the security risks found in them. Performing software composition analysis (SCA) can help you identify vulnerabilities in third-party codes and prevent potential backdoors.
Closing thoughts
Cyberthreats are one of the main concerns for organizations in recent days, and security risks in supply chains in particular are causing heightened anxiety. To address this, you can start by implementing a few essential cybersecurity measures for your supply chain. Implementing least privilege access, segmenting your network, and performing SCA are some of the ways you can effectively protect your supply chain from cybersecurity risks.
