Published in Harvard Business Review, this article explores three strategies for securing digital supply chains. A digital supply chain consists of the software products a company runs, which themselves rely on code from open-source libraries or other software vendors.
Those digital supply chains are vulnerable to cyberattack. Recent examples include the attacks on Kaseya and SolarWinds, and the attack described in Sygnia's recent research, which we feature in this Spotlight edition.
- Today, most software products consist largely of code that was not written by the vendor's own engineers. Instead, it was written by other vendors or imported from open-source libraries.
- These dependencies introduce vulnerabilities, because each party in such a software ecosystem places trust in the others: a flaw or compromise in an upstream component is inherited by every product that depends on it.
- A recent study found that companies experienced 400% more supply chain attacks between July 2019 and March 2020 than in all four preceding years combined.
- To better understand how this threat within digital supply chains is managed, the authors interviewed executives at small and medium-sized businesses.
- Based on the interviews and data, the authors derive three strategies for securing a company's digital supply chain:
- IT managers should rely more on automated tools to fix simple vulnerabilities, so that scarce engineering time is spent on the harder cases.
- Businesses should conduct a cost-benefit analysis for vulnerability patching, weighing the cost and downtime of applying a patch against the risk of leaving the flaw exposed.
- Procurers should demand that critical technology vendors support "hot patching", that is, applying a fix without restarting the running software or the system it runs on. This matters most for industrial control systems, which cannot afford downtime.
Why does this matter for businesses?
- Conventional supply chains are easy to picture: trucks arriving at gates, goods being loaded and unloaded. Digital supply chains are harder to visualise, because software code is intangible.
- Yet these digital supply chains expose a company to cyber threats just as much, and often more (see, for example, the Sygnia investigation).