Regularly monitor users and permissions for external parties, and have the security of the systems used for this purpose checked. If you offer products or services with software components, conduct a threat modeling process to identify points of interest for hackers in your services/products.
The digital connections between companies are often not as well secured as internal systems. Hackers often exploit connections between companies along the supply chain to access sensitive data and initiate actual attacks.
The following measures help minimise these risks:
- Companies should consider not only their own systems and processes but also those of their partners along the supply chain when selecting security measures. Security measures should be aligned with partners.
- Collaboration with suppliers and other business partners, especially through the exchange of information about current threats and effective solutions, enables companies to jointly counter potential attacks and improve the resilience of the entire supply chain.
- Companies should conduct regular security reviews along the supply chain—such as assessing whether the users and authorisations used are still up to date—or engage a penetration tester to check the quality of their security measures.
Fundamentally, all employees of companies working along the supply chain should have strong security awareness to defend against social engineering attacks from hackers. Coordinated actions between the participating companies are very helpful. If you offer digital products or services, you have corresponding security responsibilities—for your customers and the other companies in the supply chain.