
7 Ways to Prevent a Supply Chain Attack

  • The risk of ransom-seeking cybercriminals crippling your supply chain has never been higher
  • Cyberattacks typically target the weakest link in the supply chain, usually third-party vendors
  • Strengthening the defenses involves understanding and carefully monitoring the vendor threat landscape

June 18, 2021 | Supply Chain Software Blogs

Your organization may have worked hard to develop and implement stringent security standards to secure its supply network. But what about the third parties in your supply chain?

Do all your software vendors prioritize security? Do they have appropriate checks in place to keep their networks and products secure?

The truth is many do not have such defenses in place.

This leaves organizations using the software and their customers increasingly vulnerable.

SolarWinds, Colonial Pipeline, JBS Foods

All of these were crippled by supply chain attacks recently.

The breach at SolarWinds, an IT management software provider, discovered in December 2020, showed how single points of failure can be exploited to far-reaching effect. A malware-laced software update that hackers unleashed affected as many as 18,000 organizations and government entities.

Even security vendors can be a target. In the SolarWinds case, one of the victims was FireEye, a cybersecurity vendor.

The SolarWinds hack could cost cyber insurance companies up to $90 million, according to an estimate by BitSight, a security rating firm.

In a survey of security leaders in February by Splunk and Enterprise Strategy Group, 78% said they are “concerned about more SolarWinds-style attacks in the future.”

Their worries came true in May, when cybercriminals took over the network of Colonial Pipeline, a critical supplier of fuels to the U.S. East Coast, and extracted a hefty ransom in bitcoins (some of which has been recovered).

Soon after, another cyberattack affected operations of the world’s largest meat processor, JBS SA, across the U.S., Canada and Australia. This company, too, was forced to pay a large ransom.

Third-party vendors: a soft target for hackers

Supply chain attacks typically originate from a trusted business partner, vendor or supplier and target the weakest or least secure link in the supply chain. Cybercriminals usually zero in on third parties that often have the weakest cybersecurity measures in place.

By targeting the least secure links of the supply chain, hackers are much more likely to succeed in penetrating secure systems to access vital data.

In most cases, the initial victim of the hack is not the ultimate target; rather, it serves as a gateway to a larger network.

Preventing supply chain attacks

Every company in a supply chain must understand that it is a potential target for a cyber breach and should know how to secure its data and network.

Here are seven measures your business should undertake to shore up its cyber defenses:

1. Understand and define the threat landscape

Map out the threat landscape, which includes software vendors, open-source projects, IT and cloud services. Make a list of all third-party tools and services used in software projects.

2. Choose a vendor carefully

Before shortlisting a vendor, consider its cybersecurity framework. Ensure that vendors have structured, validated and certified security policies and procedures. Contracts with vendors must clearly state the standards and requirements for access and use of data.

3. Monitor software vendors closely

Pay special attention to software suppliers, particularly for software that has privileged access to company assets. For these suppliers, the assessment must be more thorough and must examine the integrity of the software development process. Ensure that adequate controls are in place to guard against the introduction of malicious code.

4. Limit data access

It is not unusual for companies to make their data available to third parties. However, this must be done with due consideration. The fewer people who have access to data, the simpler it is to control and mitigate threats. Do an audit to determine who has access to data and what they are doing with it. A business can also exercise control by sharing data with vendors in a one-way feed.

5. Protect developer endpoints

Keep an eye on developer endpoints, such as servers, workstations or virtual machines. Deploy endpoint protection platforms and endpoint detection and response technology to detect anomalous behavior and facilitate immediate response.

6. Educate staff, vendors and partners

At times, more than technology, a cultural change is needed to combat cyber threats. Employees as well as vendors and partners must be aware of what they can do and, more importantly, what they cannot do with sensitive data and information. Conduct training sessions to educate staff on all aspects of security such as company policy, password security and social engineering attack methods.

7. Keep a contingency plan ready

Ensure that there is an incident response plan in place to effectively deal with a potential crisis. Such a plan should include the full range of incidents that could occur and set out appropriate responses.

Lack of standards

Unfortunately, there are currently no set standards that specifically address the security of the software supply chain and software development process. However, some institutions, such as the Consortium for Information and Software Quality, are working to address this gap.

Conclusion

Doing proper due diligence is critical to avoid situations where your supply chain is hacked.

All businesses, big and small, must know who their software and hardware suppliers are, vet them and hold them to certain standards. This is as important as negotiating a contract with the vendor.

 

Tags: Supply Chain Management
