When people think of cyber security, we all think of data security. Whether you are hiring professionals or providing physical goods and services, the security of your employees’, applicants’, and customers’ data is of utmost importance. And with more devices and people getting connected, security breaches are becoming more prevalent.
Hackers usually want one thing: money. They take your data and hold that hostage in exchange for money, or at the very least, something in kind. And a supply chain attack is a very costly incident.
Supply Chain Attack
What is a supply chain attack?
Supply chain attacks are cyberattacks that target the supply chain. You will probably also hear them called value chain attacks or third party attacks.
How does it happen?
Hackers will target the weakest link in your value chain. They can do this by introducing a virus or some other type of malware into the target system, circumvent the security system in place, and steal sensitive data.
They can also physically install something that would steal data or actual cash, like ATM malware that is physically installed into an ATM and would give thieves access to PINs and other account details. Another type of ATM malware actually allows hackers to clear out the target ATM’s entire cash vault.
In 2020, a company whose clients include several federal institutions had a security breach. The hackers infiltrated the system through a compromised software update. The breach happened in the first quarter of 2020. The breach was discovered December 2020.
Why cyber security needs to be a priority
Imagine having a cache of sensitive data, data that involves national security, or the personal data of every customer you have including financial data and other sensitive information that could not and should not be shared. Keeping that data safe and secure is what keeps your customers feeling safe. It makes them trust your company enough to avail of your services.
Now imagine having your “secure” vault infiltrated and all that data copied. All the financial data, personal data, sensitive data in the hands of people whose goal is to either disrupt the value chain or to gain money from their victims. All your customers’ data are now in the hands of those people. The financial loss itself would be astounding — both yours and your customers’.
Your customer base would then shrink. You were not able to deliver on your assurance of secure data. It would take years to rebuild that trust, to rebuild that customer base. It would take a very long time to remove that “security breach” stigma from your company name.
This disrupts the activity of your value chain and has an encompassing effect not just on you and your customers, but also the other members in your supply chain. The damage branches outwards and affects more people.
Not to mention the legal consequences you may be facing. Data privacy and security laws hold you accountable in keeping sensitive data safe. You could be facing regulatory sanctions and hefty fines.
Cyber Security Best Practices
As a company you have the duty to protect all types of data, and in order to fulfill that duty, you need to take certain steps to ensure that your corporate and customer data are kept safe.
Create a cyber security policy
It is a good idea to have a policy in place when it comes to cyber security. This allows you and your cyber security specialists to write down a set of rules to strengthen your security and identify your vulnerabilities. This also gets all your employees across the company on the same page when it comes to cyber security.
It is also a good idea to perform security audits as often as possible. Security audits can expose weak links in your system and test out the plans you have in place in case of a cyber security breach.
Two-factor or multi-factor authentication
Two-factor authentication adds a second layer of security. It might not seem like a lot but it does help. Passwords can be guessed or hacked. Some people could write down their passwords on a piece of paper and keep it somewhere they think is safe only for someone with malicious intent to find it and use it.
A second layer of protection like a code or pin or even that person’s fingerprint can help establish the identity of the user. Biometric data is harder to hack than normal passwords.
Always backup your data
This is something that cannot be overlooked. In case of a security breach, your entire system might need to be disconnected and shut down until the invasion is contained. Having secure and updated backup data will help save you a lot of grief later.
Your backup needs to be encrypted and very secure. It is also a good idea to have different people handle the backup of different sets of data. This is to ensure that in case you have a mole inside your company, they will not have access to everything.
Keeping data safe and the value chain secure is not just on the shoulders of your cyber security team. Everyone is responsible for protecting company and customer data.
Author’s Biography – Arleen Atienza has been writing for several organizations and individuals in the past five years. Her educational background in Psychology and professional experience in corporate enable her to approach a wide range of topics including finance, business, beauty, health and wellness, and law, to name a few.
Share
MAY
About the Author:
I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com