Supply chains of all types are often long and complex. As organisations rely more and more on data to drive their businesses, so digital supply chains in particular continue to grow. And, as supply chains continue to grow, so do expectations and so do risks.
With the aim of driving increased profits, many organisations rely on outsourcing to a supply chain partner. This, in turn, leads to an extended, long-tail value chain.
When taking on a digital supply chain partner, there are two important factors to consider:
- the ability to trust your partner’s security protocol;
- the risks that could result from outsourcing through multiple parties.
When agreeing to work together, best practices and trustworthiness are implied, but is it really possible to be certain that a digital supply chain partner is cyber-aware and can be trusted?
Malicious actors can be just about anywhere, including in your partner’s network or further down the supply chain. So what happens if someone, somewhere on your “trusted” chain suffers a malware infection due to poor cyber hygiene and you lose a critical component of your business? To prevent a catastrophe, it’s vital to build a strong, trusted and defensive supply chain that ensures all electronic files arrive safely at their destination from their point of origin.
Real trust across the supply chain depends on several things. First, it’s vital to have visibility into your partner’s security protocols so that you can influence them as much as possible, keeping you and your business as safe as possible.
In addition, investing in leading-edge technology that puts the most effective protective barriers between you and your partners, while not getting in the way of business, provides the best security.
Cybersecurity standards exist; a well-known example is Domain-based Message Authentication, Reporting & Conformance (DMARC). Effective technologies that stop all sorts of malicious threats are also available. Both approaches monitor and control who and what is entering your network. These are just two of the many ways you can ensure your chain is as secure as possible.
At the same time, while defending against cyber-risks, it’s vital to be cautious about the security protocols followed and the technologies invested in, because they can introduce operational risks of their own. Risky files may well be intercepted, but so will legitimate emails. This affects the normal course of business, slowing productivity and leading to inefficiencies.
Today’s businesses require a much higher pace of operations, making these types of disruptions unacceptable. Leading-edge technology such as content disarm and reconstruction (CDR) doesn’t attempt to identify and block suspicious attachments; rather, it regenerates clean, secure files and passes them on.
Extended value chains can include fourth or even fifth parties, making the document journey much longer. A company may receive an infected invoice from a third party but use a fourth party to pay the bill, sending the infected file along the value chain, and infecting all systems touched by the malware as it proceeds. For those with file regeneration technologies in place, the chain is immediately broken.
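The two paragraphs above describe CDR as regeneration rather than detection: the file that leaves the gateway is rebuilt from the parts of the original that are known to be needed, so whatever rode along in the rest never reaches the next party. The following added example (not code from the original article, nor any vendor's product) applies that idea to the PNG format, chosen because its chunk structure is simple enough to show the whole technique in a few dozen lines. It parses the chunks, verifies their CRCs, decodes and re-encodes the pixel data, and writes a new file containing only the critical chunks, dropping metadata chunks and any bytes appended after the image end. The sample PNG is constructed inline; the restriction to 8-bit, non-interlaced images is a simplification of this example, not a property of CDR.

```python
"""CDR-style regeneration of a PNG: rebuild from decoded content, keep only critical chunks."""
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"
# Critical chunks a decoder needs; everything else (tEXt, iTXt, eXIf, private chunks) is dropped.
ALLOWED_CHUNKS = {b"IHDR", b"PLTE", b"IDAT", b"IEND"}
# Bytes per pixel for 8-bit colour types (grey, RGB, palette, grey+alpha, RGBA).
BYTES_PER_PIXEL = {0: 1, 2: 3, 3: 1, 4: 2, 6: 4}


def build_chunk(ctype: bytes, data: bytes) -> bytes:
    """Serialise one chunk: length, type, data, CRC-32 over type+data."""
    crc = zlib.crc32(ctype + data) & 0xFFFFFFFF
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)


def parse_chunks(png: bytes) -> list[tuple[bytes, bytes]]:
    """Walk the chunk list, validating each CRC; stop at IEND so trailing bytes are ignored."""
    if not png.startswith(PNG_SIGNATURE):
        raise ValueError("not a PNG file")
    pos, chunks = len(PNG_SIGNATURE), []
    while pos < len(png):
        if pos + 8 > len(png):
            raise ValueError("truncated chunk header")
        length, ctype = struct.unpack(">I4s", png[pos:pos + 8])
        start, end = pos + 8, pos + 8 + length
        if end + 4 > len(png):
            raise ValueError(f"truncated chunk {ctype!r}")
        data = png[start:end]
        (crc,) = struct.unpack(">I", png[end:end + 4])
        if crc != zlib.crc32(ctype + data) & 0xFFFFFFFF:
            raise ValueError(f"CRC mismatch in chunk {ctype!r}")
        chunks.append((ctype, data))
        pos = end + 4
        if ctype == b"IEND":
            break
    if not chunks or chunks[0][0] != b"IHDR" or chunks[-1][0] != b"IEND":
        raise ValueError("PNG must start with IHDR and end with IEND")
    return chunks


def regenerate_png(png: bytes) -> tuple[bytes, list[bytes]]:
    """Return (clean_png, dropped_chunk_types). The output is assembled from scratch."""
    chunks = parse_chunks(png)
    ihdr = chunks[0][1]
    width, height, depth, colour, _comp, _filt, interlace = struct.unpack(">IIBBBBB", ihdr)
    if depth != 8 or interlace != 0 or colour not in BYTES_PER_PIXEL:
        raise ValueError("example supports only 8-bit non-interlaced images")
    # Decode the pixel stream and check it is exactly the size the header promises.
    raw = zlib.decompress(b"".join(d for t, d in chunks if t == b"IDAT"))
    expected = height * (1 + width * BYTES_PER_PIXEL[colour])
    if len(raw) != expected:
        raise ValueError(f"pixel data is {len(raw)} bytes, header implies {expected}")
    dropped = [t for t, _ in chunks if t not in ALLOWED_CHUNKS]
    kept = [(b"IHDR", ihdr)]
    palettes = [d for t, d in chunks if t == b"PLTE"]
    if palettes:
        kept.append((b"PLTE", palettes[0]))
    # Re-compress the decoded scanlines so the original compressed stream is never copied through.
    kept.append((b"IDAT", zlib.compress(raw)))
    kept.append((b"IEND", b""))
    return PNG_SIGNATURE + b"".join(build_chunk(t, d) for t, d in kept), dropped


def make_sample_png() -> bytes:
    """Constructed 1x1 red RGB image carrying a text chunk, a private chunk and trailing bytes."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 2, 0, 0, 0)
    idat = zlib.compress(b"\x00\xff\x00\x00")  # filter byte 0, then one RGB pixel
    chunks = [(b"IHDR", ihdr), (b"tEXt", b"Comment\x00constructed metadata"),
              (b"IDAT", idat), (b"zzZz", b"\xde\xad\xbe\xef"), (b"IEND", b"")]
    return PNG_SIGNATURE + b"".join(build_chunk(t, d) for t, d in chunks) + b"trailing-bytes"


if __name__ == "__main__":
    clean, dropped = regenerate_png(make_sample_png())
    print("dropped:", dropped, "| clean chunks:", [t for t, _ in parse_chunks(clean)])
```

The point of the design is what it does not do: there is no signature lookup and no judgement about whether the text chunk or the appended bytes were malicious. They are simply absent from the output because the output was never a copy of the input, which is why a regenerated file breaks the chain described above at the first hop regardless of how many parties come after.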
Don’t be “patient zero”
Another important aspect of long-tail value chains is ensuring that you aren’t “patient zero”. Ensuring the integrity of outbound files is as important as defending yourself from those that come in. Given the number of cyberthreats, organisations should be taking a long, hard look at technologies and partners that enforce a standard of compliance for both outbound and inbound files. Diligent policy-setting will always be important, but combining it with the right technology and a deliberate, constant focus on outcomes will provide far greater assurance that all organisations across the business ecosystem stay safe.
This article is based on one in the August 20, 2019 edition of Security Boulevard.