A lot of business and IT executives this week are spending a lot more time thinking about just how vulnerable their supply chains are in the wake of a report that alleges widely used servers have been compromised by a microchip surreptitiously implanted on motherboards. The veracity of the report is highly disputed. But given the financial impact the report has had on the stock prices of organizations named in it, such as Super Micro, more than a few business leaders are wondering to what degree the systems they rely on are compromised.
Cybersecurity professionals, meanwhile, are wondering just how much sensitive intellectual property may have been lost if it turns out that servers employed by Amazon and others that are part of their organization’s extended supply chains have been compromised.
Supply chain security has always been a concern. But as organizations move to digitize their supply chains the potential for security breaches starts to exponentially increase. Each supply chain is only going to be as secure as its weakest cybersecurity link. A server compromised halfway around the world that is being employed by a critical supplier could theoretically become a vector through which some of the organization’s most critical secrets are being revealed. It’s not hard to extrapolate what the implications are surrounding an order for a large quantity of parts required to make a specific finished product.
Most large companies require cybersecurity reviews of their partners' processes. But those reviews don’t always extend out to their supply chain partners’ partners. Following this week’s reports, chances are good those cybersecurity supply chain reviews are about to become a lot more stringent not just within larger companies, but midmarket enterprises as well.
Of course, if it does turn out there are widespread backdoors embedded in motherboards, many of the supply chains being relied on will soon be altered. That may wind up increasing the cost of a finished good, but the alternative is going to be unpalatable for many companies that have built a business around core intellectual property. It’s also probable many of those companies will begin to invest more in building blockchain networks through which they can track the chain of custody for parts and equipment using an immutable ledger. That may not stop someone from soldering a microchip on a motherboard. But it would make it a lot easier to find those motherboards should such an incident be discovered.
Cyberespionage is clearly bad for business. Not only does it sow the seeds of distrust in a global economy, but reductions in trade that might stem from cybersecurity concerns could also spark an economic recession.
Hopefully, cooler heads will prevail. But in the meantime, cybersecurity professionals should expect to soon be gearing up for supply chain audits that in many cases are long overdue. Business executives may be disturbed by what those reviews turn up. But then again, an increased awareness of potential threats to the supply chain among business executives is not necessarily a bad thing. In fact, many of them might now assume the supply chain is compromised and act accordingly. In the meantime, the only thing scarier than discovering the supply chain is compromised is arguably not knowing.
Mike Vizard has covered IT topics for more than 25 years and has edited or contributed to a number of technology publications, including InfoWorld, eWeek, CRN, Baseline, ComputerWorld, TMCNet and Digital Review. He currently blogs for IT Business Edge and contributes to CIOinsight, The Channel Insider, Programmableweb and Slashdot. Mike also blogs about emerging cloud technology for SmarterMSP.