The Federal government has launched a public awareness campaign urging all types of U.S. businesses to better defend themselves against online attackers, who may be trying to steal their sensitive data or wage supply chain attacks.
The effort, being run by the National Counterintelligence and Security Center (NCSC), aims to improve the minimum level of information security practices in place at businesses.
At a minimum, NCSC is urging all organizations to review supply chain security, safeguard against spear-phishing emails, beware of social media deception and expect that, when traveling abroad, their equipment will be subject to surveillance or interference.
One area of emphasis is monitoring and managing threats through your supply chain. “A major factor enabling supply chain threats has been the globalization of our supply chains, characterized by a complex web of contracts and subcontracts for component parts, services and manufacturing extending across the country and around the world.”
Prevention includes asking the right questions, conducting due diligence and hiring “acquisition and procurement personnel” to be integral members of an organization’s “enterprise-wide risk management and security program,” NCSC says.
While these risks aren’t necessarily new, they do place a big, fat spotlight on a weakness in many vendor management programs. Most due diligence focuses on the primary vendor relationship, and rightly so, as that is oftentimes where the biggest risks lie. But it has become increasingly important to assess risk down the line and to understand all of the players involved in the ultimate provision of your goods and services, including manufacturers, subcontractors and downstream vendors that provide outsourced services to your primary vendor.
Now is a perfect time to take a hard look at your procurement and due diligence process to ensure you’re asking the right questions, have the appropriate subject matter experts to assess risks throughout your entire supply chain, and can effectively protect your organization both now and into the future.