By David Jarmon
Today’s supply chain is vast, expanding to every corner of the globe. With this expansion, the threat has increased significantly due to the larger attack surface. Add to that a global pandemic and the need to protect the supply chain has never been more important.
Traditional threats, such as cyber effects, remain and are becoming more sophisticated. Natural disasters have always been a supply chain threat; however, insert COVID-19 and the game changed. All consumers felt the pain.
How do we defend such a dynamic threat to the backbone of how we consume goods and services? Here are tips to achieve a secure and available supply chain.
Determine the information that is the foundation of your company’s success. If lost, what information would disrupt your ability to generate revenue?
Once you answer the question, back up this data. Ensure you have onsite and offsite backups and a plan to reconstitute your systems if required. Data backups and restoration procedures serve as an effective first line of defense against both cyberattacks and natural disasters.
Know your internal supply chain. If you’re reading this, it’s likely you require some form of good or service to be successful. Know who is vital to your supply chain and look for acceptable alternatives.
From a cyber perspective, it’s beneficial to ask suppliers about their cyber hygiene and practices. To the extent possible, do business with companies able to survive a cyber-contested event without impacting your business.
For natural disasters, find acceptable suppliers that are widely dispersed across different parts of the globe. You may incur shipping delays, but you’ll maintain essential forward momentum.
Secure your systems. Basic cyber hygiene goes a long way in protecting your information and ensuring availability of your networks.
Multi-factor authentication, least privilege, antivirus software, patch management, and boundary defense are not difficult to implement and often deter adversaries from persistently trying to gain access to your systems. Numerous government and industry standards, such as those from SANS and NIST, can be used as guidelines.
Consider third-party cyber assessments. There’s no shortage of companies that can quickly assess your cyber hygiene and recommend how to improve your cyber posture. Set aside the money to have these assessments performed annually. It’s cheaper to stay ahead than to recoup lost revenue.
Conduct cyber training with your employees. Your first line of defense will always be your employees. At a minimum, conduct annual, mandatory cyber awareness training.
Purchase cyber training online or conduct it in person. Look for a reputable company that ensures the training is informative and interactive, and holds attendees’ attention.
Plan for the worst. Develop a disaster recovery plan anticipating cyber incidents, natural disasters, political events, and global pandemics. The most important aspect of a disaster recovery plan is to exercise it annually. Conduct a tabletop exercise with scripted scenarios and practice your reactions to help identify any gaps in your plan.
Do your part and dedicate the resources needed to ensure your supply chain is as secure and available as practical. In the end, it’s cheaper to prepare than to recover.