Kayne McGladrey, senior member of IEEE, offers valuable tips on how supply chains can shore up their cybersecurity at a time when threats from hackers are greater than ever.

Global supply chains have been under intense strain in recent months, a situation that has been made even worse by the growth of cyber attacks, especially in the form of ransomware. The transportation sector, which has been largely deregulated, needs to adopt recommendations by industry and government organizations for implementing measures that they might have overlooked in years. The price of failing to do so can be high, with ransomware attacks threatening to shut down critical logistics operations for days or even longer.

Ransomware attacks are proliferating today in part because “threat actors follow the news,” says McGladrey. They recognize that organizations under pressure are more likely to quickly pay the demanded ransom in order to regain access to their critical information systems. Hospitals in the pandemic are one sector that is especially vulnerable to such attacks.

In such a perilous environment, it’s essential that companies undertake internal assessments of their cybersecurity efforts. Often that will mean sending vendors a spreadsheet requesting them to assess their own security posture, but such one-time actions aren’t enough, McGladrey says. Third-party assessment services can be valuable partners in validating cybersecurity programs and making suppliers more attractive to their customers. “Having automated control sensing and testing on a periodic basis would be advantageous,” he says, “but if an assessment service does one, you present a better image to the world.”

For the defense industrial base, third-party assessments are no longer an option. The U.S. Department of Defense is now requiring all commercial defense contractors to possess a cybersecurity certification based on a review conducted by a third-party organization.