Supply Chain Vulnerability

Supply Chain Vulnerability refers to the amount of risk your IT environment carries because of its exposure to security holes at the companies you work with. Vendors, suppliers, referral partners and any other entities you come into contact with are potential gateways into your network.

Most people think of inventory when they hear Supply Chain Vulnerability. So let’s look at an example from that perspective. Your company manufactures a widget. This widget requires Part A & Part B to be assembled in your factory. Company 1 custom builds Part A and Company 2 custom builds Part B. This is your supply chain.

The government shuts down Company 1, so you no longer have any Part A’s to manufacture your widget. You did nothing wrong, but you are still out of business because you were not able to resupply your Part A’s in a timely fashion. Your exposure to risk was inherited from Company 1. This is a Supply Chain Vulnerability.

To protect yourself from this exposure, you vet the company and you probably also set up a secondary supplier. You mitigate your risk.

CyberSecurity Supply Chain Vulnerability

Now let’s take our Supply Chain Vulnerability example and add CyberSecurity to the mix.

You work with Referral Partner A, who sells Product A. You sell Product B, which is complementary to Product A, so you have created a relationship where you pay Referral Partner A for any sale to a client they refer. This is a pretty common scenario. You store your clients’ information in a very secure environment because you keep their financial information, which you know is very sensitive. You have done everything you should do to protect your environment. Or have you?

In our very real example, you have a severe CyberSecurity Supply Chain Vulnerability. Referral Partner A does not do a great job of securing their network or data and they do not monitor. They don’t see the importance of cybersecurity since they don’t keep financial data. Their concept of security is installing an SSL certificate.

Then it happens. Referral Partner A is hacked and consumer data is stolen. They have no reason to tell you about the event. Referral Partner A probably does not even know it happened. Remember that consumers will typically use the same password, especially if the sites are related. You probably don’t have single failed logins on your security radar, so you are not notified of illicit activity. Meanwhile, cybercriminals are logging into a percentage of your accounts with valid credentials, stealing secure data or fraudulently buying products, and you don’t even know until it is too late. Then the fraud bill hits and you are out of business.

This scenario happens all the time in the real world and it is a business killer.
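The blind spot described above, single failed logins that never trip a per-account alert, can be closed by grouping login attempts by source instead of by account. The following is an added example, not part of the original page; the event format, thresholds, usernames and IP addresses are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample auth events: (timestamp, source IP, username, outcome).
EVENTS = [
    ("2024-05-01T10:00:05", "203.0.113.7", "alice", "fail"),
    ("2024-05-01T10:00:09", "203.0.113.7", "bob", "ok"),
    ("2024-05-01T10:00:14", "203.0.113.7", "carol", "fail"),
    ("2024-05-01T10:00:20", "203.0.113.7", "dave", "ok"),
    ("2024-05-01T10:00:31", "203.0.113.7", "erin", "fail"),
    ("2024-05-01T10:02:00", "198.51.100.4", "frank", "fail"),
    ("2024-05-01T10:02:10", "198.51.100.4", "frank", "ok"),
]

def find_stuffing_sources(events, window=timedelta(minutes=10), min_accounts=4):
    """Flag sources that try many distinct accounts within one time window.

    Per-account lockout never fires here because each account sees only a
    single attempt, so the grouping key is the source, not the username.
    """
    by_source = defaultdict(list)
    for ts, ip, user, outcome in events:
        by_source[ip].append((datetime.fromisoformat(ts), user, outcome))

    findings = {}
    for ip, rows in by_source.items():
        rows.sort()
        start = 0
        for end in range(len(rows)):
            # Slide the window start forward until it spans at most `window`.
            while rows[end][0] - rows[start][0] > window:
                start += 1
            span = rows[start:end + 1]
            users = {u for _, u, _ in span}
            if len(users) >= min_accounts:
                hit = findings.setdefault(ip, {"accounts": set(), "succeeded": set()})
                hit["accounts"] |= users
                # Successful logins from a flagged source need review and reset.
                hit["succeeded"] |= {u for _, u, o in span if o == "ok"}
    return findings

if __name__ == "__main__":
    for ip, f in find_stuffing_sources(EVENTS).items():
        print(ip, "tried", sorted(f["accounts"]), "review:", sorted(f["succeeded"]))
```

Grouping by a single IP address is the simplest case; the same windowed count can be keyed on other shared attributes when attempts are spread across many addresses.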

Where is the Biggest Supply Chain Vulnerability?

That depends on which class of business you are in – VSB, SMB or Enterprise. This is a quick overview of the different CyberSecurity Supply Chain Vulnerabilities that exist at different business levels and what you can do to plug the holes.

VSBs, or Very Small Businesses, typically do not have even the most basic CyberSecurity protection in place. This class of business represents the highest risk category. The standard VSB does not have the IT personnel or sophistication in place, nor does it have the resources to hire and dedicate employees to the cybersecurity function. They are focused on sales and nothing else.

SMBs, or Small and Midsize Businesses, can be logically split into two categories: the Small Business category and the Midsize Business category. While this may seem a bit obvious, there are significant differences in their approach to cybersecurity. The Small Business operates more along the lines of the VSB in that it is focused on sales and does not have the resources to allocate or the IT sophistication to devote to network protection. The transition into the Midsize category is typically where you see the application of cybersecurity practices. Even at this level, however, there still exists a great deal of exposure since the company is just starting to plug the holes.

Enterprise level organizations will be more mature in their cybersecurity efforts, but they are still exposed. Look at recent examples of data that was stolen from major retailers and even government entities. If you think you are protected, think again. CyberSecurity Supply Chain Vulnerability exposes everyone and it does so without prejudice.

How Do I Fix Supply Chain Vulnerability?

So if you are a business owner or manager, your question has to be, “How do I mitigate Supply Chain Vulnerability if other companies are not in my control? How do I limit that exposure?” The short answer is to contact us and we can discuss your current environment and how you can better protect it. The longer answer is that you can do several things to limit your exposure. More and more, companies are making sure that partners have some form of cybersecurity protection in place before they do business. The three most important items on your list are the following:

  1. As part of the ProShark family, you can extend your security environment to include other entities individually and you can either absorb the cost or pass it to the partner company. Find out more or get a quote.
  2. If you want to protect yourself, but keep the security relationship separate, ProShark Cybersecurity offers you the option to have your partner sign up separately, but integrate monitoring at cross-sections between you and your partner. We have monthly monitoring plans starting as low as $499 because we want to make cybersecurity affordable. If this is part of an operating agreement, and as long as the partner agrees, we can keep you in the loop if there are any changes in the client cybersecurity plan to make sure you stay protected. Find out more or get a quote.
  3. With our top tier cybersecurity package, you can add as many monitoring events as you like. This means that you can monitor all Internet and dark web events for you and your partners. Be notified when anything happens out in the ether that may affect your company. Keep track of potential risk before something happens, not after. Contact us to learn more.