In the digital age, long and complex supply chains have become the norm for many businesses. From large corporations to small to medium enterprises (SMEs), plenty of businesses now engage in supply chains that often encompass a long list of collaborators and suppliers. While this connectivity has undoubtedly benefited international commerce, it’s not without its downsides.
Regardless of their size or industry, many supply chains are rife with cybersecurity threats. From phishing campaigns and identity theft to email-based impersonation attacks, threats can have costly, often catastrophic effects on targeted businesses. While cyber supply-chain risk management has always been a key concern amongst cybersecurity experts, its importance has only grown during the COVID-19 pandemic. According to a survey conducted by Deloitte, 40% of respondents report having been subject to a cyber incident in the last 12 months. As the pandemic continues indefinitely, it’s likely that these figures will only rise.
Given that high volumes of money and sensitive information are transmitted along supply chains, it’s no surprise that supply-chain breaches can have devastating effects. Unpredictability is a key feature of supply-chain attacks, with businesses having no way of knowing either when an attack may emerge or who it may come from.
Crucially, supply-chain cybersecurity threats don’t just come from garden-variety cybercriminals: they can also come from larger, established entities including government agencies. In a high-profile case in the second half of 2019, the infamous Chinese cyber espionage group APT10 acted on behalf of the Chinese Ministry of State Security to launch a malicious cyberattack targeting sensitive commercial data in other parts of Asia, Europe, and the United States. Against this backdrop, constant vigilance and adequate cybersecurity measures are the best first line of defense.
Best Practices in Cyber Risk Management
Although the threat of supply-chain attacks is understandably daunting, there are a number of steps that businesses can take to mitigate risk and protect themselves. Measures for internet security for businesses should span the entire supply chain, and should be regularly evaluated and refined to ensure ongoing efficacy.
At a basic level, these measures should include:
Although the above cybersecurity measures can all play a vital role in securing your business against supply-chain attacks, multi-factor authentication (MFA) is by far one of the best ways to secure devices throughout the supply chain. By requiring users to provide two or more separate login credentials before gaining access to a file or system, MFA can help provide stronger security. The use of two or more credentials means that unlike regular passwords, MFA credentials cannot be easily shared or used across multiple accounts.
Many platforms and devices now provide an MFA option in the security settings, and typically require credentials comprising two or more of the following:
In all cases, MFA is an inexpensive security add-on that is typically fairly straightforward to implement. At a minimum, all it requires is informing users that additional security measures are in place and prompting them to prepare accordingly.
Supply-chain attacks can be catastrophic for businesses of all sizes, ranging from smaller mom-and-pop operations to multinational corporations. Taking adequate measures to protect your business from this type of cybersecurity threat, such as implementing MFA, can protect your sensitive information and ensure your supply chain remains secure.
For enhanced protection, consider pairing the above measures with cybersecurity software such as version 3.0 of ESET’s Secure Authentication (ESA). This MFA solution ensures that businesses of all sizes can secure devices on their network, meet relevant compliance requirements, and prevent data breaches.
Kelly Johnson is country manager at ESET Australia, a global cybersecurity provider.