Published in Harvard Business Review, this article explores three strategies to secure digital supply chains. Digital supply chains consist of software products that rely on software code from open-source libraries or other software vendors.
Those digital supply chains are vulnerable to cyberattacks. Recent examples are the cyberattacks on Kaseya and SolarWinds – or the attack described in Sygnia’s recent research, which we feature in this Spotlight edition.
Summary:
- Today, most software products consist of code IT engineers didn’t write for the software company. Rather, they were pre-written by other vendors or imported from open-source libraries.
- However, these dependencies introduce vulnerabilities because each entity in such software ecosystem places trust in other entities.
- A recent study found that companies experienced 400% more supply chain attacks between July 2019 and March 2020 than combined in all four preceding years.
- To understand better how the threats within the digital supply chain are managed, the authors of the article conducted interviews with executives in small and medium-sized businesses.
- The authors derive three strategies to secure a company’s digital supply chain based on the interview and data.
- IT managers should rely more on automated tools to fix simple vulnerabilities.
- Businesses should conduct a cost-benefit analysis for vulnerability patching.
- Procurers should demand that critical technology vendors implement “hot patching” (that is, patching a vulnerability without having to reboot the software. This is important for industrial control systems that cannot afford downtime).
Why does this matter for businesses?
- Conventional supply chains are easy to picture: trucks arriving at gates loading and unloading goods. Digital supply chains are harder to visualise because software code is intangible.
- But these digital supply chains also provide high exposure to cyber threats (see, for example, the Sygnia investigation).
