Understanding Supply Chain Attacks - How to Protect Your Supply

Supply chain attacks threaten the interconnectedness of global markets. It is common for multiple customers to rely on the same supplier, so a single cyberattack could potentially have a large-scale national or cross-border impact. Suppliers are at a disadvantage because they are becoming the weakest link in the supply chain. Because of this, they need to be better protected against the risk of cyberattacks. However, customers also need to practice increased due diligence when selecting and vetting their suppliers and manage the risk that can stem from such relationships.

In our first article, Understanding Supply Chain Attacks - What You Need to Know, we provided an outline of the supply chain and the classification of supply chain attacks.

Managing Supply Chain Cybersecurity Risk

To manage supply chain cybersecurity risk, customers should:

  • Identify and document types of service providers and suppliers
  • Understand the risk criteria for different types of services and suppliers
  • Assess their supply chain risk
  • Define guidelines for risk treatment based on good practices
  • Monitor supply chain threats and risks
  • Make their teams aware of the risk

Managing the Relationship to Suppliers

To manage supplier relationships, customers should:

  • Manage suppliers over the entire lifecycle of a service or product
  • Classify what information and assets are to be shared or made accessible to suppliers
  • Define obligations of suppliers to protect customers’ assets
  • Define security requirements of acquired products and services
  • Monitor performance and conduct routine security audits
  • Receive assurance of service providers and suppliers that no hidden features or backdoors exist
  • Ensure regulatory and legal requirements are considered
  • Define processes for managing changes in supplier agreements

What About the Responsibilities of Suppliers?

Suppliers are tasked with the responsibility of ensuring the secure development of products and services according to commonly accepted security practices by:

  • Ensuring that cybersecurity practices are followed for infrastructure used to design, develop, manufacture and deliver products, services and components
  • Implementing processes for product development, maintenance and support that are consistent with commonly accepted product development processes
  • Determining the applicability of technical requirements according to product category and risks
  • Providing conformance statements to customers for known standards, such as ISO/IEC 27001, IEC 62443-4-1, and IEC 62443-4-2
  • Maintaining accurate and up-to-date data on software code and applying controls to internal and third-party software components, services, and tools
  • Performing regular audits to ensure compliance with the above measures

Suppliers Should Implement Good Practices for Vulnerability Management

As with any product or service built from components and software used in the software development process, suppliers should:

  • Monitor internal, external and third-party components for security vulnerabilities
  • Conduct risk analysis of vulnerabilities
  • Maintain processes for secure patch delivery
  • Inform customers of these processes

What Can Be Learned from ENISA’s Report

The cost to directly attack a well-protected organization continues to increase. Therefore, attackers are focusing their efforts on supply chains instead. The number of security threats and failures facing supply chains also continues to increase.

Supply chain attacks are often complex and require careful planning over months or years. Attacks on suppliers can have far reaching consequences. Suppliers should continue establishing good practices regarding cybersecurity.
