Find out how to protect your business from being the weak security link in the digital supply chain
The way we do business has completely changed over the last several years. Paper trails have been replaced with digital footprints and tech-savvy solutions are flooding the market. This move to digitization can be wonderful for modern businesses. It increases business efficiency and speed, especially when it comes to supply chains. A new vendor, third-party software provider, or partner can be connected to a business with the click of a button, but the security posture of new business partners can often be overlooked — exposing you and other companies in your supply chain to increased risk.
Digital transformation initiatives are creating a more vulnerable landscape for businesses. Finding and onboarding new partners may be easier than ever, but these increased connections between companies aren’t always secure and cyberattackers can use them to access data. According to a survey conducted in 2018 by the Ponemon Institute, 56% of organizations have had a data breach that was caused by one of their vendors. Most notably, Target experienced a wide-scale breach in 2014 that affected upwards of 70 million customers due to its HVAC supplier, Fazio Mechanical Services (FMS). Once hackers gained access to the smaller target, FMS, they were able to gain access to Target’s network through the digital supply chain.
IT leaders are often aware of the risks, but aren’t sure how to implement the necessary precautions. According to a Spiceworks survey, 44% of security and IT leaders said their companies had experienced a significant, business-altering data breach caused by a vendor. Nearly 250 companies that participated in the survey said they experienced a data breach because of security lapses in one of their suppliers. But, shunning suppliers and distributors isn’t a viable option. The answer is to ensure visibility into your supply chain and strike a balance between connectivity and security.
Vendors, partners, suppliers, distributors, or any third-party entity involved with a business make up supply chains. Outsourced connections could be handling accounts payable, product development, website management, or in Target’s case, even maintaining physical facilities. Having an endless digital supply chain creates an issue with data privacy. In today’s environment, data is flowing not only through a company, but between third parties, partners, and between users and their devices as well. This is why data breaches are so common. Access points for data are everywhere and safeguarding private information can be daunting and expensive – especially for small to medium businesses (SMBs) who have turned into an attractive target for cybercriminals. Nearly half of cyberattacks and breaches are now directed at SMBs. Why is that?
Supply chain attackers target SMBs to gain access to larger enterprises through any digital connection. For example, Equifax blamed its huge data breach on a flaw in an outside company it was using. The attackers simply targeted a smaller company with less security. More recently, Freedom Mobile, a wireless phone provider in Canada, announced a widespread breach that was caused by a security hole created by a third-party service it was using. This is why it’s important to monitor the links on your digital supply chain and for SMBs to have enterprise-level protection in place.
You may be wondering what the implications are for SMBs. What happens if you’re identified as the weakest link? Not only do you risk being the source of infection for multiple companies, you risk destroying your own business as well. According to the Ponemon Institute, it costs small businesses on average $690,000 to regroup after a hack, and over $1 million for mid-market companies. This may seem trivial in comparison to high-profile enterprise breaches, but SMBs are often unable to continue normal business operations — they even risk losing their companies altogether.
The costs of rebooting operations, lost productivity, and system repairs are not the only negative impacts on SMBs affected by supply chain attacks. The European Union’s General Data Protection Regulation (GDPR) can affect SMBs that collect personally identifiable information. The regulation includes mandatory breach reporting, with fines for organizations that don’t report a breach within 72 hours of detection. The penalties are steep, going up to 4% of global annual revenue or 20 million euros ($22.4 million), whichever amount is higher.
It’s quite clear how devastating breaches can be. Digital connectivity is only putting a bigger target on small and medium businesses. So how do SMBs lock down their link in the chain?
The first step in securing your network is education. Holding trainings, informative meetings, webinars, or even sending email reminders can help employees spot phishing tactics and fake websites. It’s important to stress the impact of a hack or breach on the business to motivate employees to be more careful.
Monitor accounts and access levels
Only necessary users within your organization should be granted administrative access to tools and platforms. Old accounts of former employees or former partners should be removed. Keeping track of this is critical. Account passwords should be changed regularly, with strong password combinations and two-factor authentication. Remain aware of any applications or programs your employees are accessing from company devices; implementing content filtering or a secure web gateway can also help protect users from unsecured web pages.
Keep software patched
Cybercriminals target and benefit from unpatched software. It’s an easy way for hackers to find a hole in your security strategy. With new patches being released quite often, IT teams find it hard to keep up. Patch Management software helps businesses centralize comprehensive patching and ensure the security of the network.
Utilize firewalls, secure gateways, and antivirus solutions
New attack methods are popping up rapidly. Robust cybersecurity solutions provide a barrier between your network and the bad guys. Installing antivirus software on all devices, along with a network firewall and secure gateways, reduces the risk of a costly breach and provides peace of mind.
Whether you’re concerned about being the target or about your own third-party connections lacking sufficient protection, being secure starts with awareness. In this case, that means acknowledging the vulnerabilities that inevitably come along with digital connectivity. Below are a few ways you can determine the level of security in your digital supply chain and how to implement protection.
Install business-level cybersecurity solutions to protect yourself. Things do slip through the cracks sometimes. It’s important to have several layers of security in place to protect your network from the unpredictability of cybercrime.