Am I part of the problem?

Everyone is at risk from a supply chain attack, but are we all aware of our responsibilities? 

 

Photo credit – Miltiadis Fragkidis

miltiadis-fragkidis-2zGTh-S5moM-unsplash
Reading time: 10 min
Craig Houston

The supply chain is evolving, of that there can be no doubt. Just a few short years ago, it was a linear, mostly one-dimensional structure that was relatively easy to police and manage.

However, this is absolutely no longer the case, with many different actors now involved – ranging from start-ups and solo entrepreneurs to multinational corporations. 

Take Amazon as an example. The retail behemoth deals with thousands and thousands of different vendors of different sizes. Each one of those endpoints represents a potential avenue into Amazon’s network and a way of exposing a company that generated revenue of USD 170 billion during the final quarter of 2023. 

The Butterfly Effect

This means that enterprises run the risk of being taken down by a one-person operation running out of the spare bedroom. And this is where the problem lies: while large companies have the understanding and resources to keep themselves safe, smaller businesses either do not consider themselves worthy of an attack or feel they cannot afford to equip themselves with the correct level of security. 

Harri Ruusinen, Director, Global Sales Engineering at WithSecure, believes there is a pattern. “For larger companies, they know the supply chain is critical and the requirements it brings. They understand that Security Compliance needs to be achieved. However, smaller companies are being caught out when they are asked by customers to adhere to protocols. It may well be the case that attackers don’t want your data, but you may well have certain customers that those attackers could utilize.” 

Tuomas Miettinen, WithSecure’s Technical Sales Enablement Manager, believes a breach can do untold damage to smaller businesses. “Often, smaller companies don’t understand that this is the kind of risk they need to prepare for. If they are the root cause of a breach, it can have severe implications because it is all about trust. Once that trust is lost, it is very difficult to get back. The reputational damage to your company has a knock-on effect on your business relationships.” 

Starting point

Getting smaller companies to understand that they could bring down an entire supply chain and permanently alienate customers brings with it a lot of fear. 

“Of course, putting controls in place and gaining visibility can take a whole team. What smaller companies can do is ensure that the building blocks are in place and that they are using secure solutions. They need to make sure they protect all the data they are processing and this is where they can seek out the help of partners,” says Miettinen. 

“You need to ensure you have the preventative, detection, and response capabilities – and expertise – in place. That gives you a better understanding of your exposure and better tools to understand and manage your risks. This means installing Endpoint Protection (EPP) and Endpoint Detection and Response (EDR) or Managed Detection and Response (MDR), and knowing who you can contact if you suspect a breach. Basically, you need to find a cybersecurity partner who can help you whenever required. After all, it makes sense to align yourself with an expert with decades of frontline experience,” Ruusinen believes.

What next?

What piece of advice would our experts offer for the here and now? “While we have machine learning and AI, we need to remember that sometimes humans are still required to make the final decisions. So, believe it or not, we are still superior! Modern technologies help to eliminate a lot of the noise, add context and create visibility, but humans must still review and make the final decision,” says Miettinen. 

"The starting point is to buy good cloud services. There are a lot of people making sure that the platform is secure, but you need to remember the shared responsibility model and therefore the responsibilities that belong to your organization," Ruusinen concludes.