Supply chain security requires thinking holistically about cyber supply chain risk management: what technology can do to bolster security, what changes business processes need, and how people are trained and supported.
Mitigation starts with some technology basics, including making sure that everyone participating in a supply chain uses safeguards such as two-factor authentication, biometric access controls (where permitted or applicable), and security and incident monitoring tools.
Cyber criminals have also been known to target weaknesses in open-source software, so applications built on that kind of code should be tested regularly and monitored closely. Every vendor's design process should be well documented, and vendors should be able to explain how they address vulnerabilities, including zero-day threats.
Process considerations include removing third parties' network access once a contract has been completed. Regular server and network audits should be conducted to ensure that admin and access policies are up to date and actually being enforced.
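As an added illustration of the contract-expiry check described above (this code is not part of the original article), the following Python audits a list of third-party access grants against contract records and flags access that should already have been removed. All vendor names, account names and dates are constructed sample data.

```python
"""Audit check: find third-party access that outlived its contract.

Flags any vendor account whose contract end date (plus an optional grace
period) has passed, or whose vendor has no contract on record at all.
Sample data below is constructed for illustration.
"""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Contract:
    vendor: str
    end_date: date


@dataclass(frozen=True)
class AccessGrant:
    account: str          # account or VPN profile granted to the vendor
    vendor: str           # vendor the grant was provisioned for
    last_login: Optional[date]  # None means the account never logged in


def stale_vendor_access(grants: List[AccessGrant], contracts: List[Contract],
                        today: date, grace_days: int = 0) -> List[Tuple[str, str]]:
    """Return (account, reason) pairs for grants that should be revoked."""
    end_by_vendor = {c.vendor: c.end_date for c in contracts}
    findings = []
    for g in grants:
        end = end_by_vendor.get(g.vendor)
        if end is None:
            # Access exists but no contract explains why: orphaned grant.
            findings.append((g.account, "no contract on record"))
        elif today > end + timedelta(days=grace_days):
            findings.append((g.account, f"contract ended {end.isoformat()}"))
    return findings


# Constructed sample records (hypothetical vendors and accounts).
CONTRACTS = [Contract("acme-hvac", date(2024, 3, 31)),
             Contract("northwind-audit", date(2025, 12, 31))]
GRANTS = [AccessGrant("svc-acme-remote", "acme-hvac", date(2024, 5, 2)),
          AccessGrant("nw-auditor1", "northwind-audit", date(2025, 6, 1)),
          AccessGrant("old-vendor-vpn", "globex", None)]
TODAY = date(2025, 6, 15)

if __name__ == "__main__":
    for account, reason in stale_vendor_access(GRANTS, CONTRACTS, TODAY):
        print(f"REVOKE {account}: {reason}")
```

Running this on a real identity store means replacing the constructed lists with exports from the access-management and contract systems; the comparison logic stays the same.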
It may be necessary to revisit device-use policies such as bring your own device (BYOD), since personal devices are a popular attack vector for malware and phishing schemes. Employees may also need direction on how to connect to the network, for example via a virtual private network (VPN).