Information security is one aspect which is not dealt with in great importance at Indian Business Schools mainly because the faculty do not have prior exposure in the area and most of them do not have any idea of what risks are posed by information security compromises.
The risks to the corporate supply chain is further compounded when one realises that any member in the supply chain could be a potential threat to the information security. Mostly it is the smallest player, which is the weakest link. Due to financial considerations the smallest player is unable to maintain a tightly controlled and monitored information surveillance. This leaves their information system to great risk, enabling hackers to attack the weak points, enter the main system to cause great damage..
The risks to the corporate supply chain is further compounded when one realises that any member in the supply chain could be a potential threat to the information security. Mostly it is the smallest player, which is the weakest link. Due to financial considerations the smallest player is unable to maintain a tightly controlled and monitored information surveillance. This leaves their information system to great risk, enabling hackers to attack the weak points, enter the main system to cause great damage..
What are the different types of security breaches that can happen in a supply chain information system ?
1. Cyber-terrorism - the main server of the organisation is taken over by the hackers, asking for huge compensation from the parent organisation to release the server and its contents back to the rightful owner
2. Trojanisation - Trojanisation refers to the intended addition of improper functionality to a software system by a piece of malware - a Trojan Horse. It infects the software downloads with viruses, that could potentially cause server overloads or leak sensitive personal and financial information of employees, organisation and vendors.
3. Advanced Persistent Threat (APT) Definition from whatis.com, "An advanced persistent threat (APT) is a network attack in which an unauthorized person gains access to a network and stays there undetected for a long period of time". The intention of an APT attack is to steal data rather than to cause damage to the network or organization.
5. Outdated security software : Security software needs to be updated as and when patches for new security threats are released.
4. Poor encryption, using 64 bit encryption as compared to 128 or 256 bit encryption which is more secure.
5. Denial of service - Hackers hijacking systems denying the actual users access to the system
How can the weak players be a potential threat to the major organisation which is outsourcing its supply chain functions to outside vendors ?
There are many loop holes that make it possible to hack into organisational security systems. Let us not forget that the system is only as strong as the weakest member in the link is.
1. The smallest vendor may be enabling its employees to access its own mail or operational servers or cloud servers using very weak passwords.
2. The vendor maintaining the website of the small vendor may be careless about his information security systems and employee access.
3. Your supplier's supplier may cause a lapse in the system leading to a whole system compromise
4. Manage system security by adapting security procedures to include suppliers, vendors and even customers
George ..
References :
1. CERT-UK www.ncsc.gov.uk - Cyber security risks in the supply chain
No comments:
Post a Comment