Read more on Cisco Blogs<\/a><\/p>\n\u200b<\/p>\n
Supply chains have become intricate webs of interconnected suppliers, manufacturers, distributors, and consumers who benefit from these associations. While this global ecosystem has ushered in new heights of efficiency and productivity, and streamlined many processes and workflows, it has also exposed vulnerabilities that can jeopardize the security of entire enterprise operations.<\/p>\n
Unfortunately, supply chain security is often overlooked, creating vulnerabilities that attackers can exploit. In today\u2019s video, Wolfgang Goerlich, and Dave Lewis, Global Advisory CISOs for Cisco, shed light on risks, assessments, metrics, and collaboration needed to strengthen supply chain security.<\/p>\n
According to Goerlich, companies focus on securing the enterprise from external attacks, but neglect third-party vendor access that could provide a backdoor for attackers.<\/p>\n
\u201cWhat\u2019s going to happen if they get breached? What\u2019s going to happen if they already have access to our systems?\u201d\u2014Wolfgang Goerlich<\/strong><\/em><\/p>\nGenerally, Lewis explained, organizations usually \u201cdon\u2019t pay mind to the third-party connections we have, [including] the vendors and suppliers that we\u2019re working with that have direct access to our environments.\u201d<\/p>\n
It\u2019s important to understand that interdependence creates cyber risks if vendors are breached, while supply chain disruptions threaten operations.<\/p>\n
Companies historically have assessed vendor risks through questionnaires. But more rigorous, ongoing methods are needed like technical control evaluations, risk information sharing, and automated data analysis with AI. Qualitative surveys should be augmented with continuous quantitative data about emerging threats.<\/p>\n
Additionally, supply chain security is tied to regulations covering assets and data. By calling out supply chain specifically, companies pay more attention to non-linear attack paths via third parties. Attackers always seek creative entries, Lewis said, just like the infamous fish tank used to breach a casino.<\/p>\n
\u201cDefenders need to understand that the attackers are not going to come at you in a conventional
\nsense. They\u2019re going to look at new and exciting ways to give you heartburn.\u201d\u2014Dave Lewis<\/strong><\/em><\/p>\nBoth Lewis and Goerlich detail vital performance indicators (KPIs) to track supply chain security. To learn more straight from the experts, watch the full video below:<\/p>\n