Supply Chain Risks

(OBJ 2.3 & 5.3)

"You are only as strong as the weakest link in your supply chain"

Hardware Manufacturers

• Products like routers and switches are composed of many components from various suppliers
  • They can each be a potential vulnerability if they're tampered with or if sourced from untrustworthy vendors.
• Component tampering or untrustworthy vendors can introduce vulnerabilities
• Rigorous supply chain assessments needed to trace origins and component integrity
• Trusted foundry programs ensure secure manufacturing of microprocessors to perform only their designated functions.
• Often overlook risk: Purchase of additional hardware from secondary or aftermarket sources.
  • Budget friendly, but higher risk

Secondary/Aftermarket Sources

• Risk of acquiring counterfeit or tampered devices
• Devices may contain malware or vulnerabilities
• Budget-friendly but high-risk option

Software Developers/Providers

• Software developers and software providers are integral cogs in the supply chain
  • However, software can introduce vulnerabilities
• Check for proper licensing, authenticity, known vulnerabilities, and malware
• Open-source software allows source code review
• Proprietary software can be scanned for vulnerabilities
  • Using an anti-virus solution

Service Providers/MSPs

• Managed Service Providers (MSPs)
  • Organizations that provide a range of technology services and support to businesses and other clients
  • Most offer SaaS solutions
• Security challenges with Software-as-a-Service (SaaS) providers
  • Data confidentiality and integrity concerns
  • Assess provider's cybersecurity protocols and support for security incidents
  • Vendor selection should consider due diligence, historical performance, and commitment to security
• Considerations
  • Evaluate data security measures
  • Ensure confidentiality and integrity
  • Assess cybersecurity protocols
  • Response to a security breach
    • Full scale incident response or investigation if needed