Supply Chain Cybersecurity: Experts on How to Mitigate Third Party Risk

This article was originally posted at:

23 information security experts provide tips for securing data across business partners, suppliers, and other third parties.

When companies think about security, they most often think of securing their networks, software, and digital assets against cyber attacks and data breaches. But the supply chain – whether a traditional manufacturer or service provider’s supply chain or the “data supply chain” relied on by most large companies – is also vulnerable to security risks, as has been seen in a litany of major data breaches via third parties.

Practically every company has a place in the supply chain, and supply chains are evolving to be as much about the flow of information as they are about the flow of goods and services. Thus, it comes as no surprise that supply chain security is a highly complex, evolving function, and it’s one that security pros and business executives are giving more attention as the risks facing information throughout the supply chain become increasingly obvious.

Supply chain security is every company’s responsibility. The supply chain as a whole is only truly secure when all entities throughout the supply chain carry out effective, coordinated security measures to ensure the integrity of supply chain data, the safety of goods, and the security of the global economy. To find out what tactics and methods companies can utilize to enhance the security of their supply chains and contribute to global supply chain security, we asked a panel of security experts and supply chain professionals to answer this question:

“What steps should companies take to secure their supply chains against cyber attacks/data breaches?”

Chadd Carr is the Director of PricewaterhouseCoopers (PwC) National Cyber Threat Research Center. As a former Special Agent with the Air Force Office of Special Investigations, Chadd has over 18 years’ experience in cyber security, network intrusion investigations, computer forensics, and information operations expressly related to the financial services sector. As a Director with PwC, he oversees PwC’s Cyber Threat Intelligence services, servicing both national and international clients, throughout all sectors.

“There are a few steps companies should take to secure their supply chains against cyber attacks and data breaches…”

1. Companies should consider defining reasonable levels of security and associated controls; requiring sub-contractors, vendors, and critical supply chain partners to meet or exceed those standards as terms and conditions of established business agreements.

2. Companies should consider adding vendor-identifiable information to any existing cyber threat intelligence activities to identify instances of emerging threats or active attacks. Threat actors may compromise a lesser-defended vendor network identified as having access to the principal enterprise network. Awareness of these activities would allow the parent company to initiate countermeasures before the threat actor has the opportunity to move laterally onto their network. Cybersecurity, much like life, requires collaboration.
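An added example (not part of the original article or of PwC's tooling) of the second recommendation: vendor domains and netblocks are matched against incoming threat intelligence items, and hits on vendors that hold a route into the enterprise network are ranked first so that access can be reviewed before lateral movement. The vendor records, intelligence items, field names and access-path labels are all constructed assumptions.

```python
import ipaddress
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Vendor:
    name: str
    domains: tuple       # domains the vendor owns
    netblocks: tuple     # CIDR ranges the vendor connects from
    access_paths: tuple  # routes into our network; empty means no access

# Constructed inventory and intelligence items (documentation-reserved values).
VENDORS = [
    Vendor("Acme HVAC", ("acme-hvac.example",), ("203.0.113.0/28",), ("vpn:acme-svc",)),
    Vendor("Globex Print", ("globex.example",), ("198.51.100.0/24",), ()),
]
INTEL = [
    {"id": "rpt-1", "text": "Phishing kit impersonating portal.acme-hvac.example"},
    {"id": "rpt-2", "text": "C2 beaconing seen from 198.51.100.77 and 192.0.2.10"},
    {"id": "rpt-3", "text": "Malware campaign staged on notacme-hvac.example.org"},
]
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
HOST_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)

def match_vendor(item, vendor):
    """Return vendor identifiers found in one intel item.

    A host matches the vendor domain or a subdomain, never a look-alike suffix.
    """
    hosts = sorted({h.lower() for h in HOST_RE.findall(item["text"])})
    hits = [h for h in hosts for d in vendor.domains if h == d or h.endswith("." + d)]
    nets = [ipaddress.ip_network(n) for n in vendor.netblocks]
    for ip in IP_RE.findall(item["text"]):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:  # e.g. 999.1.1.1 matched by the loose regex
            continue
        if any(addr in net for net in nets):
            hits.append(ip)
    return hits

def triage(intel, vendors):
    """Pair intel items with vendors; vendors with network access sort first."""
    alerts = []
    for item in intel:
        for v in vendors:
            hits = match_vendor(item, v)
            if hits:
                alerts.append({"report": item["id"], "vendor": v.name, "matched": hits,
                               "priority": "high" if v.access_paths else "low",
                               "review_access": list(v.access_paths)})
    return sorted(alerts, key=lambda a: a["priority"] != "high")
```

Calling `triage(INTEL, VENDORS)` returns one high-priority alert for the vendor with VPN access and one low-priority alert for the vendor without it; the look-alike domain in rpt-3 is not attributed to any vendor.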
