When twenty executives step into the same small elevator and one of them unknowingly has the flu, what are the odds that two or three more will have it by the time they step out? The same principle applies to the supply chain. With businesses having so many suppliers, partners, and contractors connected to their infrastructure, a security breach in one spot can mean a breach everywhere. Massimo Cotrozzi writes about the threat at Infosecurity Magazine.
He says that vague assurances of basic security compliance are often the most rigorous checks a supplier provides, a consequence of time constraints and pressure to deliver on objectives. But becoming too lax about security is exactly how incidents like the Target hack happen, where it is believed that the attackers got in through the company's contracted air-conditioning vendor. Cotrozzi believes that supply chain certification might be the answer, a scheme in which all hardware and software would be security-tested and reviewed. If such an option is not affordable, then at the very least you need to be asking your suppliers the right questions about security.
You can read Cotrozzi’s full article here: http://www.infosecurity-magazine.com/blog/2014/5/8/supply-chain-friend-or-foe-/1117.aspx