Improving Security Along Your Supply Chain: 7 Pointers

Disruptions in the supply chain can ripple throughout entire industries. As the world becomes more interconnected, these threats become increasingly worrisome, with widespread issues throughout the COVID-19 pandemic highlighting their severity.

Supply chain attacks rose by 42% in Q1 2021 in the U.S. alone, impacting 7 million people. In light of these rising threats, supply chain security is more important than ever. Here are seven pointers for improving safety.

1. Restrict Access Privileges

One of the primary drivers behind rising supply chain attacks is these networks’ wealth of valuable data. Logistics organizations have gone digital and now generate and store vast amounts of information that cybercriminals can steal or hold for ransom. Restricting access privileges can help mitigate these threats.

The more people have access to a system or database, the more potential entry points there are for cybercriminals. Supply chains can eliminate these vulnerabilities by restricting who can see or interact with which systems. A good practice to follow is the least privilege principle: Only those who absolutely need given data to perform their duties can access it.

Tighter access privileges should pair with thorough authentication measures. Users must verify their identity through multifactor authentication (MFA) before accessing anything they’re authorized to.

2. Verify Third Parties’ Security

Third-party actors are another common vulnerability among supply chains. As an example of how pressing this issue is, the now-infamous SolarWinds hack, the biggest cyberattack of 2020, came from a third party. Hackers gained access to thousands of businesses and agencies by infiltrating SolarWinds, a third-party service they all used.

Supply chains must verify the security of any third party before doing business with them. That can mean asking for proof of security measures, only partnering with certified organizations or auditing third parties’ security through independent specialists.

Organizations should also apply the principle of least privilege here. Third parties should only have access to the systems and data they need and nothing more. That way, a breach on their end will cause minimal damage.

3. Secure All IoT Devices

Many supply chains have unknowingly created new vulnerabilities as they have embraced new technologies. The widespread use of Internet of Things (IoT) devices to track inventories and shipments can put supply chains at risk. While these gadgets are extraordinarily helpful, they’re notoriously risky if companies don’t secure them properly.

A seemingly innocuous IoT device can act as a gateway to more sensitive systems and data on the same network. Thankfully, the steps to mitigate this threat are relatively straightforward. First, supply chains should host IoT devices on separate networks from other systems so hackers can’t access more sensitive data through them.

Next, supply chains must encrypt all IoT communications to secure their data transmissions. Encryption is often disabled by default, so this step is easy to overlook. Enabling automatic updates will help keep these devices secure, too.

4. Equip Workers Appropriately

While cyber threats may be the most pressing aspect of supply chain security, organizations shouldn’t neglect physical security, either. Piracy, physical theft and similar crimes are still relevant dangers. Supply chains can protect against these by hiring security staff and equipping them appropriately.

New padding technologies can consist of 0.01% solid material but still provide sufficient protection. Equipment like that will help security workers stay safe while not restricting their comfort or range of motion. Other tools like metal detectors, flashlights and ID scanners can further provide these employees with the utmost protection.

Equipping drivers and other supply chain workers with emergency resources is crucial, too. Radios, medical kits, rations and similar supplies should be standard in trucks, ships and other vehicles.

5. Improve Supply Chain Transparency

Supply chains can improve physical and digital security by increasing transparency. The more an organization can see about its operations, the faster it can respond to any incoming threats.

IoT security systems can let workers monitor cameras from their phones, giving quick access to security information. Similarly, organizations can employ smart sensors to monitor for break-ins, fires, leaks and other threats to alert employees when a situation arises. When companies learn of these risks faster, they can respond more effectively.

Similarly, network monitoring tools can give IT teams insight into potential data breaches. Artificial intelligence (AI) systems can continuously monitor for suspicious activity, alerting workers when there’s a possible cybercrime attempt.

6. Train Employees in Security Best Practices

No matter what other security steps an organization takes, employees must be taught about them. All it takes is one misstep from a worker to jeopardize a supply chain’s security, regardless of how strong its other defenses are. For this reason, as many as 85% of data breaches result from human error.

Every employee should receive security training covering relevant risks, best practices and emergency procedures. It’s important to stress why these methods are important so workers understand the gravity of their actions in some situations.

In addition to initial security training sessions, supply chain organizations should host regular refresher training. That way, proper procedures will remain fresh in employees’ minds, preventing mistakes that stem from forgotten best practices.

7. Create an Incident Response Plan

Supply chains must understand that no defense system is perfect. Disruptions in this industry are too risky, and it’s likely they will someday experience an emergency. They should create a formal incident response plan to enable quick, effective action should an unexpected event occur.

More than half of all companies have experienced downtime that’s lasted eight hours or more in the past five years. Supply chains can prevent this through a disaster recovery plan. What this looks like will vary among organizations, but it should include backup resources, communication strategies, specific protocols for each department and contingency plans.

Supply chains don’t need to prepare for every emergency but should determine which events are the most likely or potentially destructive. These incidents deserve formal, detailed response plans, which all employees should know. To ensure ongoing efficacy, organizations should periodically review and update these plans.

Supply Chain Security Is Essential

If a supply chain experiences a security breach, it could affect far more than the logistics company itself. That risk, coupled with the rising trend of supply chain attacks, makes these security steps essential.

These seven points are not a comprehensive list of security procedures but cover the most important factors. Supply chain organizations should ensure they consider these steps and take further action if necessary.

Understanding Cyber Liability Insurance: Securing System Access to Secure Coverage

Organizations purchase cyber liability insurance as a way to mitigate the impact of data security incidents. However, as with any liability policy, cyber risk insurance incorporates a set of exclusions that allow insurance companies to deny coverage. While most policyholders and insurance professionals assume that external monitoring acts as the only way to ensure coverage and reduce the likelihood of costly coverage litigation, digital transformation has shifted the perimeter away from external controls such as firewalls towards a more focused approach on identity and access.

Understanding Cyber Insurance Exclusions

Everyone reads the Insuring Agreement, or the part of an insurance policy that provides coverage. Typically, this section lists out all of the events for which an organization can submit a claim. For example, many cyber insurance policies will cover unauthorized access to systems, networks, and software that leads to a data security event.

However, as in life, all promises come with conditions. In the insurance world, these conditions are called exclusions: the activities that give an insurance company grounds to deny coverage. Generally located at the end of a policy, these may seem logical. For example, in a cyber-risk policy, an insurer does not need to cover the loss if the policyholder failed to enforce reasonable security practices and systems maintenance procedures.

In other words, if a data security event is the result of failure to enforce best security practices, the insurance company can deny the claim.

Why Identity and Access Matter to Data Security

As evidenced by the recent Twitter breach, cybercriminals increasingly target users as a way to gain unauthorized access to privileged locations in an organization’s IT ecosystem. This tactic makes sense in many ways because privileged accounts traditionally have universal access to an organization’s most important services and data.

For example, to do their job, IT administrators need nearly unfettered access to an organization’s ecosystem. They need to create accounts and grant access to other users. However, that also makes them high-risk users. They could conceivably create fake accounts and grant themselves privileged access, then engage in malicious data theft or credential theft, moving around in the organization’s systems and networks without looking suspicious.

Similar to the Twitter breach, this type of activity is hard to recognize unless the organization is actively monitoring who has access, how they use their access, what they access, and why they need it.

Enforcing Identity and Access Controls as Data Security Best Practices

Data security best practices pose problems for organizations because no set definition exists: cybercriminals continue to evolve their methodologies. With most organizations embracing remote workforces for the foreseeable future, on-premises security controls no longer provide the necessary protection. In order to secure data and protect privacy, companies should look to the Identity perimeter to limit access and monitor privileged access within their ecosystems.

Enable Zero Trust

Zero trust, aka “never trust, always verify,” is a cornerstone of enforcing identity. This is widely becoming not just best practice, but a table-stakes identity and access management strategy – especially for users with elevated privileges. In a business application landscape overrun by phishing and brute force attacks, there is little confidence in usernames and passwords being the primary driver for identity and access management. That’s not to say that usernames and passwords don’t have their seat at the table, but they can’t be sitting alone. Combining them with dynamic controls that evaluate the context of access to determine risk is critical. Trusting the same access privileges, no matter what the circumstances, will lead to security threats. IT leaders must assume that cybercriminals can circumvent their perimeter identity controls and act accordingly.

Apply the Principle of Least Privilege (PoLP)

The first step to creating best Identity and Access Management (IAM) practices is to ensure all users have only the access they need to fulfill their job functions and nothing more. For example, someone in human resources (HR) might need access to an employee’s address, but that individual may not need all the banking information attached to the record if they are not in the payroll area.

Enabling PoLP Using Attribute-Based Access Controls

For legacy business applications, PoLP is a non-starter because access governance is dictated by static, role-based access controls (RBAC). For example, an HR manager needs a certain set of rights within the organization’s system. However, RBAC only limits access based on what the user does in the company (unless manually changed). With attribute-based access controls (ABAC), organizations can set additional contextual attributes such as geographical location, IP address, or time of day. This additional context allows the organization to limit access to high-risk resources on a more detailed level.

With the explosion of remote work, ABAC provides a way to limit users’ access when the organization has determined that a location or time of day would be considered riskier. For example, someone using public WiFi is at a higher risk of a man-in-the-middle attack than someone using their home WiFi. If the organization sets trustworthy IP addresses, users cannot access sensitive information from public WiFi networks, reducing the attack surface.
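The difference between a role-only check and an attribute-based decision can be shown in a few lines. The following is an added example, not code from the article or from any product it mentions; the role names, resource names, network ranges and permitted hours are all constructed assumptions.

```python
from dataclasses import dataclass
from datetime import time
from ipaddress import ip_address, ip_network

# Constructed policy data (assumptions, not taken from the article).
ROLE_GRANTS = {                      # static RBAC: role -> resources
    "hr_manager": {"employee_address", "employee_health"},
    "payroll_clerk": {"employee_address", "employee_banking"},
}
SENSITIVE = {"employee_health", "employee_banking"}
TRUSTED_NETS = [ip_network("10.20.0.0/16"), ip_network("192.0.2.0/24")]
WORK_HOURS = (time(7, 0), time(19, 0))   # window in which sensitive data is served


@dataclass(frozen=True)
class Request:
    role: str
    resource: str
    source_ip: str
    local_time: time


def rbac_allows(req: Request) -> bool:
    """Role-only check: network and time of day are ignored."""
    return req.resource in ROLE_GRANTS.get(req.role, set())


def abac_decision(req: Request) -> tuple[bool, str]:
    """Role check first, then contextual attributes for sensitive resources."""
    if not rbac_allows(req):
        return False, "role lacks grant"            # least-privilege baseline
    if req.resource not in SENSITIVE:
        return True, "non-sensitive resource"
    try:
        addr = ip_address(req.source_ip)
    except ValueError:
        return False, "unparseable source address"  # fail closed
    if not any(addr in net for net in TRUSTED_NETS):
        return False, "untrusted network"
    start, end = WORK_HOURS
    if not (start <= req.local_time < end):
        return False, "outside permitted hours"
    return True, "all attributes satisfied"
```

The same HR manager request for health data is allowed by `rbac_allows` from any address, while `abac_decision` denies it from an address outside the trusted ranges and returns the reason, which is what an audit log should record.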

Continuously Monitor Access

The same continuous monitoring mantra that exists at the network perimeter also holds true at the Identity perimeter. With user access monitoring, organizations can review the resources accessed to ensure they are appropriate to the users’ needs. Organizations need a way to detect suspicious access to sensitive information. For example, if an HR representative is accessing healthcare information at 2:00 AM, the organization needs to know whether that employee typically works late at night or whether this is an outlier signaling a potential data security incident. Without visibility into when and how users interact with data, organizations cannot prove that they enforced their access policies as a best practice.
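The 2:00 AM question above comes down to comparing an access event with that user's own history. The sketch below is an added example, not code from the article; the log format, user names and thresholds are constructed assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime


def constructed_history():
    """Constructed sample log: ten days of sensitive-record reads by two users."""
    lines = []
    for day in range(1, 11):
        for hour in (9, 11, 14):      # hr_day reads records during office hours
            lines.append(f"2024-03-{day:02d}T{hour:02d}:05:00 user=hr_day resource=health_records")
        for hour in (1, 2, 3):        # hr_night works a night shift
            lines.append(f"2024-03-{day:02d}T{hour:02d}:20:00 user=hr_night resource=health_records")
    lines.append("corrupted line without fields")   # the parser must skip this
    return lines


def parse_line(line):
    """Return (user, resource, timestamp), or None if the line is malformed."""
    parts = line.split()
    try:
        ts = datetime.fromisoformat(parts[0])
        fields = dict(p.split("=", 1) for p in parts[1:])
        return fields["user"], fields["resource"], ts
    except (IndexError, ValueError, KeyError):
        return None


def build_baseline(lines, resource):
    """Per-user histogram of the hours at which `resource` was accessed."""
    baseline = defaultdict(Counter)
    for line in lines:
        parsed = parse_line(line)
        if parsed and parsed[1] == resource:
            user, _, ts = parsed
            baseline[user][ts.hour] += 1
    return baseline


def classify(baseline, user, ts, window=1, min_events=20, min_share=0.05):
    """Compare one access with the user's own history around that hour."""
    hours = baseline.get(user)
    total = sum(hours.values()) if hours else 0
    if total < min_events:
        return "no-baseline"          # too little history: route to manual review
    # Count past accesses within +/- `window` hours, wrapping around midnight.
    nearby = sum(hours[(ts.hour + d) % 24] for d in range(-window, window + 1))
    return "typical" if nearby / total >= min_share else "outlier"
```

With this history, a 02:00 read by `hr_night` is typical and the same read by `hr_day` is an outlier, so the alert follows the person's pattern rather than a fixed clock rule.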

Digital Transformation, Remote Work, and Securing Coverage

Digital transformation, accelerated by the rapid move to remote workforces, streamlines productivity but also increases risks. With more users connecting more devices from more places at less regular times, identity and access is an integral part of an organization’s data security.

Establishing and enforcing strict access policies is now more important than ever before. Malicious actors will continue to look for user accounts that act as back doors to organizations’ systems, networks, and software. In order to secure cyber liability coverage, companies need to be more actively engaged in monitoring access and mitigating potential threats arising from compromised accounts.

____________________________________________________________

Piyush Pandey, CEO at Appsian (www.appsian.com) is a technology executive with 19 years of global experience in strategy, sales, mergers & acquisitions, and operations within software companies. Over the last 10 years, he has worked with enterprise software companies including Oracle, Epicor, Concur, Citrix and Microsoft on various transactions. He has held various leadership positions at Procera, Deutsche Bank, Stifel, Wipro Technologies and a wireless startup.

A 5-step guide to managing cyber threats in the supply chain

When Danish shipping giant A.P. Moller-Maersk was attacked by the NotPetya malware in 2017, access to its electronic booking systems was blocked, ultimately forcing a 10-day overhaul of its entire IT infrastructure.

The malicious attack still remains one of the largest disruptions to affect the global shipping industry to date. As a result of lost bookings and terminal downtime, Maersk incurred a massive US$300 million (€264 million) loss.

With the increasing sophistication of cyber threats, companies worldwide have to brace themselves for a new reality where supply chain disruptions are no longer restricted to those of a physical form. Cyber-attacks have the potential to disrupt or, at their worst, cripple the logistics and supply chain operations of an entire business across different geographies.

Instead of adopting a reactive approach to cyber security, companies should actively prevent and manage such cyber risks by devising a response plan with the following five steps.

Identify third-party risks

To successfully thwart future cyber-attacks, companies have to first determine which vendors or third-party entities have access to their firewall and could have the largest impact on the organization in a worst-case scenario.

When selecting possible vendors to work with, it is best to consider the amount of sensitive data that the vendor is handling, such as personally identifiable data, protected health information or financial transactions. With this knowledge, suitable mitigation measures must then be introduced to safeguard the sensitive data.

Monitor the cyber threat environment

Cyber threats evolve continuously and news of cyber-incidents keeps emerging, so assessing and understanding events that affect the vendors or third-party entities your organization works with is a continuous effort.

The ability to persistently monitor one’s supply chain and the cyber threat environment will be the best determinant in responding adequately to a cyber-incident.

For instance, a year on from the cyber-attack on Maersk, Chinese state-owned shipping conglomerate COSCO Group managed to contain the damage and limit the length of disruption when its shipping operations in the Americas suffered a ransomware attack.

Though its shipping operations in the Americas came to a momentary standstill, the company’s swift response efforts and preemptive network segmentation prevented the escalation of the attack, allowing regular operations to resume within a week without significant damage.

Assess potential impact

Organizations should possess the capability to gauge the extent of the potential impact a cyber-attack can have on their business operations.

Knowing the nature of each cyber-attack can better equip companies by facilitating understanding, communication and coordination along their supply chain.

Types of cyber attacks

· Data breach: Release of secure information to an untrusted environment, including trade data, schematics, manufacturing systems, shipping data, and other confidential company information
· Ransomware: A form of malware which encrypts a user or end system, rendering all data within inaccessible, and demanding the payment of ransom to decrypt
· Denial of service: A cyber-attack performed by many actors to render a firm’s website or system unavailable to users
· Vulnerability: The discovery of a weakness, known or unknown, which may be exploited by a threat actor to perform unauthorized actions on a system
· Phishing: A fraudulent attempt to obtain security credentials from entry to executive levels for malicious purposes

Conducting a risk assessment on the areas of vulnerability from multiple angles will help companies measure the potential risk and threat of a sudden attack on their supply chain.

Develop risk scenarios and emergency protocols

If emergency protocols are not established or adhered to, a cyber-attack will likely cause confusion that leads to disruption in the supply chain. Companies need to train their employees on potential threat scenarios and develop corresponding response plans to tackle different situations.

Often, these response processes might involve the use of advanced technology and human intelligence analysis. Having established the protocols and trained employees on their respective emergency response roles, the company will then be well-prepared to implement the appropriate measures to mitigate the potential damage inflicted by a cyber-attack.

Communicate relevant actions to stakeholders

When a threat has been identified, it is imperative to investigate the matter internally and cascade information in a timely manner within the organization before alerting the relevant authorities. Once more details emerge and the nature of the threat is confirmed, organizations should proactively inform all stakeholders who have been affected, while activating the emergency response teams to rectify the issue.

With the threat of cyber-attacks looming large, companies need to take control and ready themselves with a proper response plan and top-notch cyber security practices to protect their supply chain.

Shehrina spearheads the supply chain risk monitoring capabilities for Resilience360. Resilience360 offers end-to-end supply chain risk management, alerting customers about supply chain incidents globally and risks to their global supply chain in almost real time. The platform helps companies handle an ever-changing world by assessing the impact of natural disasters, changing regulatory environments, and other supply chain risks. With Resilience360, businesses can visualize their supply chains end-to-end and use machine learning capabilities to detect early warnings of incidents that can disrupt their supply chain, allowing them to respond preemptively and minimize business interruption.

This article was originally published on DHL’s Logistics of Things. Read more on how logistics impacts business, builds lasting connections and drives innovation.