How secure is your supply chain?


Written by Laurent Brickell, Chief Information Officer, CoreBlue

Your software supply chain is complex and as your business continues on a digital evolution, this complexity and reliance on external suppliers and systems, will only increase over time. 

Firstly let’s explore what consists of a software supply chain, as outlined below:

  • Binaries
  • Other components
  • Repositories
  • 3rd party suppliers

However it also includes:

  • Who wrote it
  • Deployment and hosting
  • When it was contributed
  • How it’s been reviewed for security issues
  • Everything that touches it at any point

No matter what sector you’re in or the size of your business, attacks are on the rise and cyber criminals are continuously creating new ways to infiltrate your systems. 

Below we outline some of the key risk factors associated with supply chain attacks:

  • Credential access is seen as the number one risk factor for organisations
  • Machine identities now outnumber human ones in the average organization by a factor of 45x
  • 64% of security leaders admit an attack on their organization originating from a compromised software supplier could not be stopped

CyberArk, 2022 Identify Security Threat Landscape (2022)

If your orgsanisation was to experience a supply chain attack, the disruption it would cause would not only result in lost revenue and operational disturbance but also major reputational damage, especially if like the players above it makes the headlines. 

The good news is that there are ways to protect your supply chain from attack and the first thing to consider is your partners. Your partners are your greatest defence

During this webinar we outline things you must consider when it comes to your partnerships, such as:

  • ISO certification – this is not a measure of security
  • Audits aren’t all that they seem
  • What expectations have you laid out with your suppliers?
  • What authentication methods do you require?
  • What standards do you want to follow? 
  • Is OWASP top 10 appropriate for your needs?

We also explore the ways in which you can protect your organisation, including:

  1. Shared responsibility model
  2. Audits and certifications
  3. Partners and suppliers
  4. Staffing and skills
  5. Security as a culture

If you consider supply chain security management as a fundamental strategy within your business, you will be in a much better position to protect your system from attack. 

More thought leadership

Comments are closed.