With triple extortion scams on the rise, supply chain organizations need to use a layered defense model to get ahead of cybersecurity risks. In a keynote session at LogiCon24, speaker Rachel Wilson spoke in detail on tactics for supply chain cybersecurity risk mitigation. Here are 10 tips for avoiding and managing cyber-attacks.
1. Patch and Update Devices
Supply chains are supported by countless technology devices with multiple software solutions installed. The manufacturers of that software are constantly discovering new flaws, bugs, and weaknesses in their code. They fix these vulnerabilities by issuing patches to their customers. It’s crucial to apply these patches promptly and thoroughly, as the release of a patch initiates a race against hackers who aim to exploit the vulnerabilities.
2. Backup Data and Systems
Use a 3-2-1 strategy to back up data: have three copies of your data, in two geographically dispersed locations, and ensure one copy is off-network.
3. Move to Cloud-Based Software
Take advantage of the security resources natively available in cloud-based systems and processes, such as strong encryption, entitlements and access management, delegated access, and strong authorization. Cloud-based software can also allow users to choose to automatically run backups and patch updates. In addition to reducing cyber risks, organizations using cloud technology can respond more quickly to other risks along their supply chain.
4. Audit Backup Process
Companies often think their data is backed up, only to find out that the person responsible no longer works there and that no documentation exists to show how to restore the backups. Companies must regularly rehearse what they would do if a supply chain cybersecurity attack occurs.
5. Test Response Strategies
Recognize that everyone in your C-suite, leadership, and legal department will have a crucial role to play in deciding how to recover essential data after a supply chain cybersecurity attack, whether to pay a ransom, and how to communicate a data breach to employees and customers.
6. Never Pay the Ransom
The reality is that it’s not a question of whether cyber-attacks will happen; it’s a question of when. When one does happen, you’ll want to do anything to restore your data. Hackers know this and rely on your intense desperation to save your business. Remember that paying the ransom signals to hackers that you are someone willing to pay whatever is necessary, and sets you up as a future target.
“Ransomware has caused $20 billion in losses in just the last year. And are on track to see record losses in 2024.” – Rachel Wilson, Director of Cybersecurity, Morgan Stanley Wealth Management
7. Training & Responsibility
Historically, people have considered data protection primarily an IT function. However, operational systems and operations teams need to be deeply invested in the cybersecurity of the firms they support. More companies are working to improve controls and to ensure shared incentives, processes, and accountability. This way, operational systems and IT systems focus on cybersecurity as a whole, from start to finish. Implement cybersecurity training across your entire team at least once a year.
8. Sophisticated Password Management
Password manager applications are designed to create and store unique, complex passwords. They store them for you in a secure cloud and autofill them when you need access. Do not store your passwords in a random note on your phone or computer.
9. Balance Three Pillars of Security
Confidentiality. Integrity. Availability. Prioritizing availability at the expense of integrity and confidentiality can compromise long-term resilience.
10. Develop Third Party Risk Management
Organizations balance a large list of vendors along their supply chain. Making sure your third parties meet cybersecurity and data protection standards requires putting them through extensive onboarding, on-site visits, due diligence questionnaires, SOC 2 reports, and more.
Hackers count on vulnerabilities of human behavior, phishing emails, and social engineering. They also count on you to be unprepared. Take these tips and get started with revamping your supply chain cybersecurity today.
Do you need to see more? Check out the on-demand keynote session: “The Cyber Security Conundrum”.