This year organizations and their customers were impacted by supply chain attacks such as SolarWinds and Kaseya. Then we heard about Lazarus, a notorious APT group using MATA malware and backdoors to target supply chains, particularly in the defense sector. These ripples were felt around the world, and in the Asia Pacific region too. According to a Barracuda survey, 46% of APAC respondents identified software supply chain attacks as their top application security challenge. That’s why it is important to have a Cyber Supply Chain Risk Management (C-SCRM) program.
Now, organizations outsource to vendors and contractors to save costs and to focus on core competencies and innovation. But vendors and solution providers could be the weak link in the chain. Since you are entrusting them with your customer data and giving them the keys to your infrastructure, albeit in a controlled manner, that increases your risk quotient.
According to the Ponemon Institute’s Cost of Data Breach Report 2020, data breaches caused by third parties increase the cost of a data breach by an average of $207,411.
Since you depend on the nth vendor, you need to be assured that their environments are as secure as yours, so that you can assure your customers that their data is safe. That also mitigates the risk to your own infrastructure.
And that’s where Cyber Supply Chain Risk Management (C-SCRM) comes in.
Mani Keerthi Nagothu is a cybersecurity professional with work experience starting in India, London, Bermuda, and Canada. She worked with consulting firms before her current role as Security Lead at Ballard Power Systems. She is also an expert on C-SCRM.
Her experience comprises building cybersecurity strategies, developing security initiatives, cyber incident response, and risk assessments.
She was a recent speaker at (ISC)² Security Congress 2021, Cloud Security Alliance SECtember 2021, Day of Shecurity 2021, and BSides (Vancouver, Calgary, Edmonton) 2021.
She recently started a podcast on LinkedIn named “A Thought in Cyber” (season 1). The podcast focuses on specific topics related to cybersecurity, including leadership, emerging technology, and emotional intelligence.