The Overlooked Risks in Supply Chain Security
Supply chains have become intricate webs of interconnected suppliers, manufacturers, distributors, and consumers who benefit from these associations. While this global ecosystem has ushered in new heights of efficiency and productivity, and streamlined many processes and workflows, it has also exposed vulnerabilities that can jeopardize the security of entire enterprise operations.
Unfortunately, supply chain security is often overlooked, creating vulnerabilities that attackers can exploit. In today’s video, Wolfgang Goerlich and Dave Lewis, Global Advisory CISOs for Cisco, shed light on the risks, assessments, metrics, and collaboration needed to strengthen supply chain security.
According to Goerlich, companies focus on securing the enterprise from external attacks, but neglect third-party vendor access that could provide a backdoor for attackers.
“What’s going to happen if they get breached? What’s going to happen if they already have access to our systems?”
—Wolfgang Goerlich
Lewis explained that organizations usually “don’t pay mind to the third-party connections we have, [including] the vendors and suppliers that we’re working with that have direct access to our environments.”
It’s important to understand that this interdependence creates cyber risk when vendors are breached, while supply chain disruptions threaten operations.
Companies have historically assessed vendor risk through questionnaires. More rigorous, ongoing methods are needed, such as technical control evaluations, risk information sharing, and automated data analysis with AI. Qualitative surveys should be augmented with continuous quantitative data about emerging threats.
Additionally, supply chain security is tied to regulations covering assets and data. By calling out supply chain specifically, companies pay more attention to non-linear attack paths via third parties. Attackers always seek creative entries, Lewis said, just like the infamous fish tank used to breach a casino.
“Defenders need to understand that the attackers are not going to come at you in a conventional sense. They’re going to look at new and exciting ways to give you heartburn.”
—Dave Lewis
Both Lewis and Goerlich detail key performance indicators (KPIs) to track supply chain security. To learn more straight from the experts, watch the full video.