China has had a tough 2020. Intellectual property rights infringement, stealing university and U.S. government-funded research, spys routed out in public, Hong-Kong takeover, Human-right abuses, Coronavirus cover-ups, supply-chain bog downs, and the list goes on. The conclusion is that China has lost its luster with businesses in the United States and abroad. These issues are not new; instead, they have reached a boiling point where the international business community is getting leary of putting too many eggs in China’s basket. The U.S. government has certainly done its share to bring many of these things to light. And while this is happening, and companies look elsewhere to move, the possibilities of increasing North America manufacturing has become more attractive than ever.
The fragility of supply chain security in many ways, rests on the shipping container. The incident in the Suez Canal has shed light on vulnerabilities and complexities within the supply chain.
The Telecommunications Industry Association published a new white paper on SCS 9001, the first process-based supply chain security standard for the information communications technology (ICT) industry.
The recent attack on SolarWind's Orion product demonstrated how vital it is for Chief Information Security Officers (CISOs) and their teams manage supply chain risks and understand all the products in their environment and how they are being used. Here we talk to Michael Lines, CISO and Head of Security Product Management at Cleanshelf, about why the IT and information security community should be concerned after the SolarWinds hack.
As pharmaceutical companies and healthcare organizations turn their attention from the development to the deployment of coronavirus vaccines, well-resourced cybercriminals are hotly following suit. The vaccine supply chain is rife with logistical complexities making the enormously valuable data on the various vaccines deeply attractive to threat actors. In fact, cybercriminals are already attempting to steal vaccine formulas and disrupt operations.
If the experiences of 2020 taught us anything, it’s that risk in the modern world cannot be understood or sufficiently mitigated with a siloed approach. Individual threats, such as regulatory risk and IT security, converge. Lacking a high-level view, it’s difficult to see the web of cause and effect – making it more difficult to anticipate, prepare, or mitigate the biggest risks. 2020 may be over, but the challenges remain in 2021. Compliance and risk management will need a shared umbrella of information and communication to tackle the complex, integrated risks of today’s landscape.
What is the best path forward? Should companies upgrade their existing platforms or replace them entirely? What makes the most sense both financially and for the security of your data?
The goal of the partnership is to improve the training and education of the workforce in support of cybersecurity protection and resilience along with supply chain risk management.
CISA has updated AA20-352A: Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations, originally released December 17. This update states that CISA has evidence of, and is currently investigating, initial access vectors in addition to those attributed to the SolarWinds Orion supply chain compromise. This update also provides new mitigation guidance and revises the indicators of compromise table; it also includes a downloadable STIX file of the IOCs.
Girl Scouts of Tropical Florida (GSTF), Ryder System Inc. and the University of Tennessee's Global Supply Chain Institute partnered to create supply-chain curriculum for K-12.