Insights & White Papers

4 Expert Ways to Mitigate Cybersecurity Risks in Your Supply Chain

By Trent Fisher

Business & Technology Strategy

Trent Fisher

Principal Consultant

Education

B.S. in Business Administration – Management Information Systems from the University of Illinois Urbana-Champaign

Specific Areas of Focus

Business & IT Transformation
Pre/Post Mergers, Acquisitions, and Carve-Outs
Operational Optimization
Technical Due Diligence
Technology Strategy & Insights
Complex Program Management

Trent is a Principal Consultant with primary expertise in IT strategy, delivery assurance, and pre/post-merger integration execution. He specializes in the delivery of business-aligned systems integration, technology implementations, and business threat intelligence, including the CyberHelm Maritime Threat Intelligence offering.

Trent brings more than 15 years of consulting and operations experience with an emphasis on IT transformation, strategy, delivery assurance, and business threat intelligence. Trent has worked with many clients across a variety of industries including automotive, transportation and logistics, oil and gas and utilities, where he has led large-scale program deliveries and rescues.

In his most recent efforts at Liberty Advisor Group, Trent drove the carveout and stand up of over 180 global applications for the divestiture of a $4B company and separately supports the development, sales, and delivery of business threat intelligence efforts, including Cybeta Overwatch and Cyberhelm.

Trent has broad experience in custom solution development, integration, and enterprise mobility, which he uses to shape the best solution based on each clients’ specific needs.

Trent joined Liberty to work with executives to develop high-impact technology solutions that drive business value. He enjoys the challenge consulting brings to solve complex issues and strategic initiatives facing clients, and working with a dynamic team of exceptional colleagues to deliver these solutions.

Education

B.S. in Business Administration – Management Information Systems from the University of Illinois Urbana-Champaign

Disruptive technologies such as cloud technology have great potential to revolutionize how we store data. They're also quite popular with many suppliers using cloud-based or other advanced technology to streamline operations. But as we rejoice in how helpful modern data systems are, cybercriminals are profiting from exploiting the vulnerabilities of weak suppliers and third-party vendor networks.

The remedy is to be as keen, if not keener, than cybercriminals in the integrity of our cyber security. Here are some proven ways to mitigate cybersecurity risks in your supply chain.

1. Establish Strong Communication and Collaboration in the Supply Chain

Open-source software is currently one of the biggest threats to supply chains. Malware such as the notorious NotPetya traveled through systems worldwide through weak accounting open-source software.

To avoid similar attacks, ensure you know who and what is in the supply chain. This way, you get firsthand information on cybersecurity risks in the supply chain. For example, businesses should meet with suppliers, review their security policies, and, if necessary, audit them regularly.

Further, build long-standing relationships with suppliers and partners. This kind of relationship is helpful in two ways. First, it builds trust about what you get and what goes through your systems every time you interact.

Secondly, you can share best practices that work. Often, the information you find online doesn’t work as well as something tried and proven by someone you trust.

It would be best if you also stay informed on potential weaknesses and vulnerabilities. Thanks to methods such as pen testing, you can scan your systems frequently and spot vulnerabilities that need fixing.

Lastly, collaborate with fellow businesses in the supply chain to fortify your systems against cyber attacks. These concerted efforts allow a sector to learn from threats other businesses face and proactively mitigate risks before they affect them.

2. Conduct Regular Risk Assessments of Your Enterprise

A cyber security risk assessment identifies, analyzes, and evaluates risk. The point is to ensure your cyber security controls are a suitable fit for the risks your business and the extended supply chain is most likely to face –for example, counterfeits, unauthorized production, tampering, theft, inserting of malicious software, etc.

Start by identifying potential threats and vulnerabilities. This test should spot vulnerabilities across your systems and their accessories. Ideally, find out where in the supply chain cybercriminals get information, their access points, and dependencies on associated components that may be easier to use as an access point for them to destabilize the components and affect core functions.

Next, evaluate the impact of a potential breach. What are the consequences of a successful attack on the business, employees, and stakeholders? You also need to create a plan to mitigate the risk.

Once the risk mitigation measures are in place, focus on monitoring and updating risk assessments regularly. The criteria for monitoring should be created based on specific triggers that make a change of risk mitigation strategies necessary.

3. Implement Strong Security Controls

Monitoring should be backed by strong security controls –physical, digital, cyber, and cloud security.

To effectively mitigate cybersecurity risks in your supply chain, use the risk assessment’s recommendations to improve your security posture. That may mean creating multiple overlapping layers of security that help to reduce your risk exposure. Alternatively, you could go as far as implementing end-to-end blockchain and hyper-ledger technologies that provide visibility into the supply chain and protect the vulnerable system from subtle threats.

You can refer to frameworks set by trusted authorities such as the National Institute of Standards and Technology (NIST) and the Center for Internet Security (CIS) for ideas on the right security standard.

4. Continuously Monitor and Adapt

While McKinsey reports that 93% of businesses said they are pursuing ways to strengthen the supply chain against security threats, Gartner found only 21% trust that their networks are resilient enough.

There are many ways to improve resilience against cybersecurity risks in your supply chain, but they are only effective if they are backed by insights from continuous monitoring. Cybersecurity monitoring is all about proactive threat detection. By using automated tools to get alerts about a security incident and event management, you set up your organization to efficiently mitigate information security risks before they become full-fledged attacks.

In the supply world, that means continuously monitoring the supply chain for changes and potential threats. You can start by executing a “what’s changed?” analysis every 6-12 months to ensure that their security posture matches your risk tolerance.

How Can You Start?

Find reliable, consistent security monitoring tools, too –ideally, those that collect information from all your endpoints, devices, tools, user activity, etc., based on established metrics across the supply chain in real time. With the information drawn from the monitoring, adjust your security controls, tools, policies, and procedures.

Finally, revisit and update incident response disaster recovery and business continuity plans. These three aspects are vital in ensuring a business bounces back after an attack.

Your incident response plan should be thorough. It’s even better if you can create a cross-functional task force to formulate a plan that addresses more than the technical bits of an incident. Or, hire another company to do it for you.

You could also choose the more dependable cloud-based recovery plan with more resilient protection and backup capabilities.

Also, don’t wait for a major attack to bolster your security strategy. Your business recovery plan should receive just as much forethought. Regular updates informed by trends and expert insights can help you spend a much shorter period to get back on business.

In Conclusion

Above all, adopt a zero-trust mindset when trying to mitigate cybersecurity risks in your supply chain. This way, everyone is seen as a potential avenue for threats and you take measures that prevent that from happening.

Additionally, understand that even with regular meetings among the supply chain player, each entity is responsible for its own security. In that case, only you can protect your systems the best.

Another way to ensure threats stay out of your systems is automating your DevSecOps. This ensures that you can deploy your security activities in real time and they are in sync with your overall business goals.

About Liberty Advisor Group

Liberty Advisor Group is a goal-oriented, client-focused and results-driven consulting firm. We are a lean, hand-picked team of strategists, technologists and entrepreneurs – battle-tested experts with a steadfast, start-up attitude. A team with an average experience of 15+ years with a proven track record in Business and Digital Strategy, Digital Transformation, Data Analytics, Cybersecurity, and Mergers and Acquisitions. Most recently, Liberty was recognized as one of the Best Small and Medium Workplaces in Chicago by Fortune Magazine and Best Places to Work in Chicago by Crain’s Chicago Business.

Learn more on LinkedIn and Twitter.