Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementSecurity & Business ResilienceCybersecurity News

7 Strategies to Defend Against Supply Chain Risks in the Digital Era

By Javvad Malik
supply chain images
November 8, 2016

With the rise of digital and cloud technologies, business models have evolved greatly. In recent years, we’ve seen an increasing number of businesses that are essentially “born in the cloud,” with infrastructure that is fully supported by cloud services. For example, Amazon Web Services (AWS) makes it affordable and easy to start an online company that can scale to compete with larger, well-funded rivals. Similarly, YouTube makes it easy to create and distribute promotional videos, while other social media channels, such as Facebook and Twitter, enable company messaging and marketing campaigns to reach millions around the world. The internet and the cloud are the great equalizers – allowing startups to effectively compete with established companies of any size.

But even brick and mortar companies are increasingly leveraging the internet and cloud services to expand their business. As traditional business models have changed to incorporate these resources, the security risks presented have evolved as well. In today’s world of digital business, the security risks faced by the majority of companies have largely shifted into the cyber realm.

In addition, businesses today now have a much larger dependency on third-party providers and suppliers than they’ve ever had in the past. While suppliers can allow companies to be more innovative, create new products, and further level the playing field against larger competitors, there are also many new dangers and risks that can arise in such distributed ecosystems.

These risks are not hypothetical. Over the past few years, two of the more memorable cases of third-party partners causing security breaches involve The Home Depot and Target. In November 2014, Home Depot disclosed a breach perpetrated by hackers who broke into corporate systems using credentials stolen from a third-party vendor. In December 2013, Target suffered a huge data breach that resulted in 70 million stolen credit card records. The attackers were able to breach Target’s system via a third-party HVAC provider. And other data breaches and security vulnerabilities seem to make it into news headlines on a regular basis.

Protecting Against Supply Chain Risks in the Digital Era

Third-party partners and suppliers remain essential requirements for any business, but for cloud-based companies, this dependency is significantly elevated. It is critical that companies understand and take appropriate steps to manage the risks in their supply chain.

Here are seven best practices that can help all organizations – whether cloud-based or traditional, large or small – protect against third-party threats.

  1. Implement a Business Impact Assessment: Conduct a business impact assessment to understand the level of dependency on each third-party partner. Typically, third parties that play a more critical role in supporting the business will present greater security risks.
  2. Know Your Partners: Keep an up-to-date and accurate record of all business partners and the role that each plays. Relationships evolve over time, and it is important that any changes are captured as they happen.
  3. Document Security Policies: Have a security policy documented for third parties that explains what is expected, how data should be handled, and what needs to happen in the event of an incident. Legal counsel should also be sought to ensure that the terms of such documents are legally binding and enforceable.
  4. Prioritize Communication and Education: Communicate security needs to all partners. Some third parties may not yet appreciate the need for security. If awareness is lacking in the partner ecosystem, an element of education should also be considered.
  5. Provide Technical Assurance: Implement technical controls, especially when a third party has direct access to corporate systems. The existence of certifications and audits can help provide this assurance. However, additional technical assurance can be gained via penetration testing and vulnerability scanning, or by deploying monitoring controls in the partner environment. These strategies can provide a much-needed additional layer of protection.
  6. Leverage Threat Intelligence: Use threat intelligence to understand attack vectors and identify vulnerability points where a third party may have been breached. Threat intelligence provides actionable information about emerging security threats, helping organizations better detect and respond to them.  
  7. Create an Incident Response Plan: Create and document a joint incident response plan that clearly maps out roles and responsibilities in the event of an incident at a third party. Plans should include technical controls, such as isolating critical environments; PR and media communication strategies; and ways to end or replace the third-party service temporarily, or even permanently if a serious breach occurs.

Partners and suppliers are a critical part of a company’s success in the digital era. However, it’s important that organizations understand the risks that lie within the supply chain and take appropriate steps to protect themselves. By implementing the aforementioned best practices into third-party security strategies, organizations can go a long way toward enhancing their ability to detect threats, and respond in a fast and efficient manner if a security breach occurs.

KEYWORDS: cybersecurity preparedness supply chain cyber security supply chain risk supply chain security

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Javvad Malik is a security advocate at AlienVault. He’s also a co-founder of Security B-Sides London. An active blogger, event speaker and industry commentator, Malik is known as one of the industry’s most prolific video bloggers with a signature fresh and light-hearted perspective on security.

Prior to joining AlienVault, he was a senior analyst with 451 Research providing technology vendors, investors and end users with strategic advisory services, including competitive research and go-to-market positioning. Prior to that, Malik served as an independent security consultant, with a career spanning more than 12 years working for some of the largest companies across the financial and energy sectors.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Cybersecurity
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Columns
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Technologies & Solutions
    By: Charles Denyer
Subscribe For Free!
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Red laptop

Cybersecurity leaders discuss Oracle’s second recent hack

Pills spilled

More than 20,000 sensitive medical records exposed

Coding on screen

Research reveals mass scanning and exploitation campaigns

Laptop in darkness

Verizon 2025 Data Breach Investigations Report shows rise in cyberattacks

Computer with binary code hovering nearby

Cyberattacks Targeting US Increased by 136%

2025 Security Benchmark banner

Events

May 22, 2025

Proactive Crisis Communication

Crisis doesn't wait for the right time - it strikes when least expected. Is your team prepared to communicate clearly and effectively when it matters most?

September 29, 2025

Global Security Exchange (GSX)

 

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • Security Podcast- Welch.jpg

    Listen to Michael Welch and how to address fourth-party risks and improve supply chain security in our latest The Security Podcast episode

    See More
  • Person-working-in-laptop.jpg

    7 ways to protect against cybersecurity threats in digital onboarding

    See More
  • video conference

    How to Defend Against Digital Surveillance when Teleworking

    See More

Related Products

See More Products
  • databasehacker

    The Database Hacker's Handboo

  • physical security.webp

    Physical Security Assessment Handbook An Insider’s Guide to Securing a Business

See More Products

Events

View AllSubmit An Event
  • April 23, 2025

    Employee Perceptions of Workplace Safety in 2025

    ON DEMAND: Workplace safety continues to be a critical concern in 2025, with employees across industries expressing growing concerns about their safety at work.
  • March 6, 2025

    Why Mobile Device Response is Key to Managing Data Risk

    ON DEMAND: Most organizations and their associating operations have the response and investigation of computers, cloud resources, and other endpoint technologies under lock and key. 
View AllSubmit An Event
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing