One Article Review

Home - The article:
Source: AlienVault Lab Blog
Identifier 8314515
Publication date 2023-03-01 11:00:00 (viewed: 2023-03-01 11:06:28)
Title Third party Cybersecurity risks in securing the supply chain
Text Some of the biggest prevailing challenges in the cybersecurity world over the last year have been those revolving around securing the software supply chain across the enterprise. The software that enterprises build for internal use and external consumption by their customers is increasingly made up of third-party components and code that can put applications at risk if they aren't properly secured. It's a problem that cuts across every industry, but manufacturers are feeling it especially acutely because they're tasked with securing not only the software supply chain but the physical supply chain as well.

It's a very layered risk issue for manufacturers for two big reasons. First of all, the things that manufacturers produce today are increasingly connected and more software dependent than ever before. They depend on a host of specialized silicon and digital components that are invariably produced by third-party manufacturers themselves, creating a nested chain of third-, fourth-, and Nth-party dependencies that are difficult to track, let alone manage risk against. Secondly, the factory floor itself is a part of the supply chain that is becoming more intricately converged with the IT network and which is highly dependent on third-party equipment, software, and remote connections.

Given these factors, it becomes clear that managing cybersecurity risk across the supply chain will require manufacturers to carefully attend to the risk brought to the table by their third-party suppliers and contractors. And on the flip side, many manufacturers who provide components to clients who are also manufacturers must stay vigilant as security standards rise for what it takes to get their products in the door elsewhere.
"As I've been doing in-depth interviews for our AT&T Cybersecurity Insights Report and also doing customer calls, one of the things I've observed about manufacturers in the supply chain is that even when they're smaller, say 50- to 100-person shops, they're still saying, 'Security is critical to us,'" says Theresa Lanowitz, security evangelist for AT&T. "They know they need to be doing everything they can to abide by their customers' security guidelines, external rules and regulations, and mitigating the risk required to keep the entire supply chain secure."

It's an issue that cybersecurity experts at AT&T like Lanowitz and those at Palo Alto Networks have increasingly been collaborating on to help manufacturing customers address across their organizations. The following are some tips they recommend for manufacturers managing third-party cyber risk in the supply chain.

Risk scores and signals matter

Because digital components and hardware are so woven into the products that supply chain providers deliver to their manufacturing clients, risk scores and signals matter more than ever. According to Dharminder Debisarun, worldwide industry security architect for manufacturing, Internet of Things and transport at Palo Alto Networks, it's up to companies to determine what their risk appetite is for their providers, depending especially on what they're delivering to the supply chain, and to start finding ways to get transparency into that.

"Ask yourself, 'What's our risk appetite for suppliers that we work with?'" he says. "You want to know that before you engage with them. Then there needs to be some kind of framework or certification that says 'Hey, this company is secure enough to do business with.'" He says some governments have provided that kind of grounding; for example, in Germany the automotive industry relies on the TISAX certification to prove out baseline security proficiency. Barring that, the growing world of
Sent Yes


The article does not appear to have been republished after its publication.


The article does not appear to have been taken from an earlier one.