Cyber threats know no bounds. More and more, cyber criminals are targeting and exploiting blind spots in organizations, including supply chain hardware and software. Successful infiltration puts both critical data and infrastructure at risk.
But, as the saying goes, it’s better to be proactive than reactive (which, really, is the whole idea behind risk management), so if you don’t already have procedures in place to prevent and mitigate a cyber attack, now is the time.
The National Institute of Standards and Technology has stepped up with a set of guidelines aimed at supply chain managers who are tasked with risk management implementation. It recommends a “multi-pronged, mission-driven approach” to protecting infrastructure.
For example, NIST suggests setting up “acquisition guidelines that help integrate supply chain practices into IT acquisitions,” as well as adopting standards on supply chain practices for integrators and suppliers. It also suggests that federal departments and agencies make it easier to manage supply chain risks after an information system is in place.
While the recommendations are geared toward the federal government, they can certainly be tailored to your own organization. Use these guidelines in conjunction with NIST’s guide for conducting risk assessments to determine the best response to a threat and to maintain awareness within the organization to prevent the threat from happening in the first place.