Risk levels are not steady states. Here are six indications that the danger posed by your supply chain is headed in the wrong direction.

Supply chains, many stretching around the globe and some made up of tens of thousands of links, are critical to modern business. Strong supply chains allow for the economical development of products ranging from stuffed toys to enterprise applications. Unfortunately, the same supply chains that make business possible can also make it a far riskier proposition.

Third-party risk, of which supply chain risk is one component, is increasingly understood as critical in gaining a complete picture of the threats an organization faces. But how can an organization decide when to take a harder look at the supply chain? What are the signs or events that indicate special concern should govern supply chain relationships?

Before we look for those answers, we have to acknowledge that "supply chain" is a phrase with more than one definition. It can refer to the components and services that are brought together to create an organization's products. If can also refer to the software components, apps, and cloud services that developers use as part of enterprise applications (or applications licensed to customers). And it can refer to critical services like electrical power, water, and other energy sources required for both basic administration and manufacturing processes. The companies providing any of these can be both critical partner and tremendous threat through inadvertent criminal cyber activity.

Dark Reading talked to a number of cybersecurity professionals looking for best practices governing these third-party relationships. Out of those conversations came a half-dozen signs and indicators that your supply chain risk factors have shot up -- and your attention is needed.

(Image: Natalya Lys VIA Adobe Stock)

About the Author(s)

Curtis Franklin, Principal Analyst, Omdia

Curtis Franklin Jr. is Principal Analyst at Omdia, focusing on enterprise security management. Previously, he was senior editor of Dark Reading, editor of Light Reading's Security Now, and executive editor, technology, at InformationWeek, where he was also executive producer of InformationWeek's online radio and podcast episodes

Curtis has been writing about technologies and products in computing and networking since the early 1980s. He has been on staff and contributed to technology-industry publications including BYTE, ComputerWorld, CEO, Enterprise Efficiency, ChannelWeb, Network Computing, InfoWorld, PCWorld, Dark Reading, and ITWorld.com on subjects ranging from mobile enterprise computing to enterprise security and wireless networking.

Curtis is the author of thousands of articles, the co-author of five books, and has been a frequent speaker at computer and networking industry conferences across North America and Europe. His most recent books, Cloud Computing: Technologies and Strategies of the Ubiquitous Data Center, and Securing the Cloud: Security Strategies for the Ubiquitous Data Center, with co-author Brian Chee, are published by Taylor and Francis.

When he's not writing, Curtis is a painter, photographer, cook, and multi-instrumentalist musician. He is active in running, amateur radio (KG4GWA), the MakerFX maker space in Orlando, FL, and is a certified Florida Master Naturalist.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights