Protecting The Cybersecurity Of Your Supply Chain

By Devin Partida, ReHack.com

The need for better supply chain cybersecurity has become painfully evident. In late 2020, the SolarWinds hack put as many as 18,000 people at risk, highlighting how destructive these attacks can be. Retailers must now reckon with the aftermath of this breach and secure their chains from similar incidents.

As the SolarWinds attack demonstrates, supply chains are often vulnerable to hackers. With retailers gathering an increasing amount of sensitive data, they’re valuable targets, too. Supply chain cyberattacks will likely become increasingly common, so here’s how retailers can protect themselves and their customers.

1. Vet All Supply Chain Partners

Supply chains involve many third parties, from suppliers to shipping partners, and these all represent potential risks. If a partner has access to critical data or systems and gets hacked, they become an entry point to clients’ systems. That’s what happened in the SolarWinds attack, and it demonstrates why retailers should vet their partners thoroughly.

Before partnering with any other organization, retailers should ask for verification of robust cybersecurity. Partners should ideally possess security certifications like ISO 28000. Hiring cybersecurity specialists to audit their systems will help ensure they meet the standards they claim to.

2. Restrict Data Access

After vetting partners, retailers should reconsider how much these other parties can access. The more data and systems someone has access to, the more destructive a potential breach on their end becomes. Restricting access controls mitigates how damaging an attack might be.

Since 34% of data breaches involve internal actors, this concept applies to employees, too. All workers should only have access to the data and systems they need to do their job. Retailers can take this a step further by limiting how much information they collect in the first place.

3. Improve Visibility

The SolarWinds hack likely happened months before anyone detected it, highlighting the importance of visibility. Supply chain security expert Chris Nissen says it’s a mistake to trust anything you’re not continually monitoring. If retailers checked all the data and developments within their supply chain, they’d spot abnormalities sooner.

Some retailers may consider embracing blockchain technology to increase visibility. Companies like IBM offer tracking solutions that brands use to verify their products’ integrity through the supply chain. Blockchains’ distributed, encrypted nature also makes it harder for hackers to access sensitive data.

4. Secure IoT Devices

Many modern supply chains include a network of Internet of Things (IoT) devices. While ideal for improving visibility, these gadgets can serve as gateways to more sensitive information. Retailers who use them should ensure they secure them to close all backdoors.

Since many IoT devices feature limited built-in security, retailers should look for options with higher security standards. Enabling automatic updates and encrypting all device traffic will help keep these gadgets safe, too. Finally, retailers should host IoT sensors on separate networks from sensitive data to lessen their potential impact if breached.

5. Pen Test Regularly

Cybersecurity is a continually evolving field, with hackers regularly adapting their methods to work around new defenses. The SolarWinds hack used sophisticated techniques that older security practices were likely unable to stop. Since best practices and reliable safety measures change regularly, retailers should frequently test their systems’ resiliency.

Penetration testing, or pen testing, involves cybersecurity experts attempting to hack into a system to see where its weaknesses lie. Research indicates as many as 95% of data breaches are preventable, and these tests help supply chains prevent them. When retailers know where and how to improve, they can protect against developing threats.

Supply Chain Security Is Crucial

Retailers depend on supply chains, so securing them is critical. Attacks like the SolarWinds hack highlight how destructive and far-reaching these breaches can be, so now is the time to improve cybersecurity. If retailers follow these steps and put security before everything else, they can stay safe amid rising threats.

About The Author

Devin Partida is a writer and blogger interested in retail technologies and business solutions. To read more from Devin, visit ReHack.com, where she is the Editor-in-Chief.