Modern supply chains, held together by a series of trusted relationships and digital handshakes, can be massively complex and difficult for cybersecurity professionals to police. Just ask the 18,000 organizations reportedly infiltrated due to the 2020 SolarWinds attack. The supply chains served by SolarWinds’ Orion IT management system offered a ripe target for bad actors: All hackers had to do was inject malicious code into a single trusted application used in the supply chains of 33,000 companies. Before long, said White House officials, nine federal agencies and some 100 private companies had been badly compromised.
A vulnerability in key supply chain components, particularly in widely used and trusted third-party applications and services, can give attackers outsized leverage. One hack can elicit maximum damage. Unfortunately, most organizations have little visibility into the intricacies of their supply chain and even less control over it. This makes them woefully ill-equipped to secure it.
The more you know
Jerry Gamblin, director of security research at Kenna Security at Cisco, often asks security professionals to take a pause when they start talking about securing their supply chain. Because Gamblin knows the first step in locking down your supply chain isn’t so much about securing as it is inventory taking. You must learn all you can about the various suppliers, software interdependencies, transactions, and data transfers involved in serving your business. Without that knowledge, you’re not going to get anywhere close to locking down the various links in your chain.
To understand why, Gamblin points to the cartoon below. It’s funny, because…well, 2003. And you can just picture that random person in Nebraska toiling away on this utility or widget or whatever it is while he complains about management moving his desk. But the joke isn’t on him. Because the cartoon illustrates how this digital house of cards is riding on this one person’s ability to keep that funky piece of software safe. And we have to wonder: Is the organization at the top of this supply chain even aware this piece of software exists?
Watch the webinar
That’s just one of many questions worth asking–and answering–in a webinar hosted by Jerry Gamblin. In “Supply Chain Security 101: Understanding Your Supply Chain and Your Risks,” Gamblin breaks down supply chain security basics and helps unpack what it takes to understand what you’re working with and then define a path forward to make that chain worthy of your trust.
Register for this on-demand webinar to learn:
- What exactly is a supply chain
- What supply chain security is—and more importantly, what it isn’t
- How to better understand your chain and what it does
- Where your risks lie and what that means for your plan
- Why supply chain security can amplify your risk management efforts
You’ll also earn one CPE credit through ISC² by watching this webinar.
Don’t wait to discover how to start your supply chain security journey. Register today.