With all the talk of digitising services and new cloud-based apps, one element of security that is often overlooked is hardware. However, with the rise of Internet of Things devices and applications, such as Smart Homes, Smart Cities and autonomous vehicles, it is crucial that hardware security is taken seriously.
According to Symantec, IoT devices endure approximately 5,200 attacks per month, on average. However, the nebulous nature of digital connections keeps software patches, anti-malware precautions and other primarily digital-focused programs at the top of the priority list for CISOs and information security teams. While these are necessary, proactive strategies, they do not take into account the potential for hardware damage and sabotage during device building, transportation or afterwards. If a critical transmitter is tampered with, for example, it could be easily exploited to reveal sensitive or personal data. These kinds of attacks are more difficult to immediately trace and solve, as security teams may initially rely on software solutions, such as patching bugs or re-installing operating systems.
Hardware risks cannot be overlooked when assessing risks to your supply chain. When looking at your integrated risk – or risk across the categories of cyber security, compliance and business operations – make sure to consider hardware tampering and exploitation. Several key elements that should be included in this appraisal are:
An index of third-party hardware suppliers. Just like your register of other third-party vendors, hardware suppliers should be consistently monitored for cyber threats, compliance status and news and reputation.
Knowledge of the hardware components that contain or provide business-critical functions, or that store or communicate sensitive data. Without knowing what hackers may target, it might be difficult to detect the source of an attack. Knowing these components also lets you take proactive measures to ensure their security.
Assess the hardware component to a high standard. This can involve various methods of security testing or pentesting, establishing a baseline of what is normal for that component.
Implement filters for any connected devices. Connected devices should be protected by a barrier that automatically blocks any unknown or suspicious communications.
Continually monitor your entire third-party ecosystem for evolving threats. Using a tool like CyDesk, keep an eye on your entire third-party ecosystem, identifying potential threats from both hardware and software suppliers and managing risks for business assurance.