Cyber supply chain risks touch sourcing, vendor management, supply chain continuity and quality, transportation security, and many other functions across the enterprise that require a coordinated effort to address.
Cyber Supply Chain Security Principles
- Develop your defenses based on the assumption that your systems will be breached. Starting from the assumption that a breach will occur changes the decision matrix on how to proceed. Ultimately, the question is no longer just how to prevent a breach, but also how to mitigate an attacker’s ability to exploit the information they have accessed and how to recover from the breach.
- Cybersecurity is never just about technology; it’s about people, processes, and knowledge. Breaches are more likely to be caused by human error than by technology failures. IT security systems cannot protect critical information and intellectual property unless all employees throughout the supply chain follow secure cybersecurity practices.
- Security is Security. There should be no distinction between physical and cyber security. Attackers sometimes exploit lapses in physical security in order to launch a cyber attack. By the same token, an attacker seeking access to a physical location might take advantage of cyber vulnerabilities in order to get in.