By Simon Taylor, VP Product at Glasswall Solutions
In today’s cybersecurity climate, with high-profile hacks and data breaches constantly in the headlines, businesses are putting more effort than ever into covering all of their bases.
Driven in part by increasingly stringent compliance regulations and mandatory audits, enterprises are placing particular pressure on all of their suppliers, regardless of size, to demonstrate the strength of their cybersecurity defenses.
For supply chain partners, this requirement represents a major challenge. If, for example, a partner or potential partner were to ask your CIO to demonstrate all of the steps your business has taken to ensure that the entirety of its data and communications is safe, would it be able to meet baseline compliance standards or pass the audit?
If not, your business could face everything from stiff financial penalties to restrictions on its data, to more frequent audits. And as a result, potential partners would likely avoid your business in favor of a safer supplier.
Whether it is in recruitment, accountancy, law or catering supplies, inadequate security defenses jeopardize the trusted relationship in the supply chain, and failure to demonstrate accountability, compliance and effective reporting is a critical factor behind decisions about who does business with whom.
Traditional security solutions will no longer cut it. In addition, the EU General Data Protection Regulation will take effect in just over 15 months, affecting any organization doing business within the EU. Consequently, it will be imperative for organizations to start implementing solid security strategies and policies to ensure that they adhere to these impending regulations.
Among other things, putting these new cybersecurity measures in place will require implementing measurable and reportable intelligence capabilities, not only regarding their own cybersecurity practices, but also those of their partners and suppliers.
Innovation and a strong and sustained focus on the critical and most vulnerable areas of security will be key to staying one step ahead of attackers.
The question is, do enough partner and supplier businesses understand the nature of the threats and what is required to defeat them? Are they able to provide demonstrable reporting to the satisfaction of their legal department when completing supplier cybersecurity questionnaires?
Here are a few ways that organizations can bolster the security stance of their supply chain.
Avoid Security Complacency
Despite the number of high-profile and damaging data leaks that occurred around the globe last year, numerous businesses are still complacent about security. For many organizations, security strategy is tantamount to outdated perimeter solutions that fail to address where the majority of threats are hidden – in file-based malware attacks delivered in email attachments. In fact, email attacks using common file-types such as Word, Excel, PDF or PowerPoint now
One UK company that was hit last year – TalkTalk – made headlines at the end of 2016 after it was fined £400,000 for enabling hackers to steal data associated with nearly 157,000 customers. Had the EU GDPR regulations been in place, this fine could have been as high as £56m based on the ‘up to 4 percent of global revenue’ rule.
For any business with supply chain partners, it is no longer good enough to claim that targeted attacks cannot be prevented or to assert that post-infection detection and response with anti-virus software will effectively resolve the problem.
Leverage Next-Generation Technology
For enterprises at the top of the supply chain, there are few effective solutions that will provide adequate defense against deliberate corruption of email-borne documents. One such solution is file-regeneration technology.
As an automated solution, file-regeneration technology can disarm malicious files, producing a benign version referenced against the manufacturer’s original standard, while also checking the file down to byte level, as opposed to just looking for active content in the body of the document.
From there, the sanitized file is regenerated at sub-second speeds and passed on to users in real-time to maintain business continuity.
The technology protects organizations against the smallest and subtlest alterations in the file structure, detecting, for example, where criminals have changed just two bytes in a PDF file in order to crash the reader software and trigger malware or hidden exploits.
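A much-simplified illustration of the byte-level structural check described above, as an added example rather than Glasswall's implementation: it validates a PDF's header, trailer and cross-reference offsets against the file format and flags a two-byte change, but does not regenerate the file. The sample document, the alteration and all function names are constructed assumptions.

```python
import re

def build_sample_pdf() -> bytes:
    """Constructed minimal PDF whose cross-reference table is correct."""
    objs = [b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n",
            b"2 0 obj\n<< /Type /Pages /Kids [] /Count 0 >>\nendobj\n"]
    out, offsets = b"%PDF-1.4\n", []
    for obj in objs:
        offsets.append(len(out))          # byte offset where each object starts
        out += obj
    xref_at = len(out)
    out += b"xref\n0 3\n0000000000 65535 f \n"
    for off in offsets:
        out += b"%010d 00000 n \n" % off
    return out + b"trailer\n<< /Size 3 /Root 1 0 R >>\nstartxref\n%d\n%%%%EOF\n" % xref_at

def check_pdf_structure(data: bytes) -> list:
    """Return structural deviations; an empty list means the checks passed."""
    findings = []
    if not re.match(rb"%PDF-1\.[0-7]\n", data):
        findings.append("bad header")
    m = re.search(rb"startxref\s+(\d+)\s+%%EOF\s*$", data)
    if not m:
        return findings + ["missing startxref/%%EOF trailer"]
    xref_at = int(m.group(1))
    if data[xref_at:xref_at + 4] != b"xref":
        return findings + ["startxref does not point at the xref table"]
    # Each in-use ('n') entry must point at the start of "<num> 0 obj"
    # (this sketch assumes one xref subsection starting at object 0).
    entries = re.findall(rb"(\d{10}) (\d{5}) ([nf])", data[xref_at:m.start()])
    for num, (off, _gen, kind) in enumerate(entries):
        if kind == b"n" and not data[int(off):].startswith(b"%d 0 obj" % num):
            findings.append(f"xref entry {num} does not point at object {num}")
    return findings

def tamper_two_bytes(data: bytes) -> bytes:
    """Constructed alteration: change two digits of object 1's xref offset."""
    return data.replace(b"0000000009", b"0000000031", 1)

if __name__ == "__main__":
    sample = build_sample_pdf()
    print(check_pdf_structure(sample))
    print(check_pdf_structure(tamper_two_bytes(sample)))
```

A signature scan for active content would see nothing in either file, since neither contains any; only the comparison against the format's own structural rules separates them.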
In addition, this kind of technology also sanitizes outbound emails, using the same techniques to ensure that no business is ever held responsible for infecting a supply chain partner or client.
Encryption and digital signature-based security may reduce some of the risks from third-party interception, but it will not prevent an organization from unwittingly delivering an infected file, as hackers are now adept at using delayed-action embedded code or structural manipulation, in combination with clever social engineering tactics.
Create a Risk Management Strategy to Ensure You’re a “Safe” Partner
Besides eliminating known and evolving threats, implementing a robust and comprehensive security infrastructure and associated strategy puts organizations back in control. For one, it allows them to decide who it’s safe to do business with as part of a broader security and risk management strategy.
It also provides other supply chain partners with the evidence that their organization has adopted the latest solutions known to be effective in combatting file-based threats – the most common source of cyber-attacks – as well as other types of malware.
The net-net is that when organizations implement a solid security and risk management strategy, they will be able to conduct business in full confidence and, in turn, be regarded as safe partners for supply chain transactions.
And in the face of an onslaught of emerging threats designed to target the weakest link, CIOs and CISOs throughout the supply chain will increasingly be required to bolster their own defenses by simultaneously looking out for their partners during every stage in the ongoing battle against cyber-crime.
About the Author
Simon Taylor has worked in Information Technology and Security for over three decades, with extensive experience across product innovation, business development, business transformation, and IT operations management.
He has held senior positions at leading technology and financial services companies across Europe, Asia, Latin America, and North America, with the last ten years at HSBC, where he most recently ran IT Operations across the Americas.
Simon is currently VP of Product and Consultant to the Board of Glasswall Solutions Ltd, the award-winning UK cybersecurity innovator.