WikiLeaks - Supply Chain Edition, Part 2

Report identifies security weaknesses in IT procurement, software development and inter-organizational sharing of IT systems

December 9, 2010
1291924452390 10326072
Bookmark and Share
Milford, MA — December 9, 2010 — Cyber supply chain security is weak within critical industries, with two-thirds of organizations reporting security breaches and one in five contending with sub-standard security, even as the security threat landscape worsens, according to a new report from IT industry analyst and consulting organization Enterprise Strategy Group (ESG).

ESG's new research report, "Assessing Cyber Supply Chain Security Vulnerabilities Within the U.S. Critical Infrastructure," is based upon data gathered from a survey of 285 security professionals working at organizations that operate in the 18 industries designated as "critical infrastructure" by the United States Department of Homeland Security.

The report, co-sponsored by Hewlett-Packard and other IT vendors, found that 68 percent of the critical infrastructure organizations surveyed have experienced at least one security breach in the past 24 months, and 13 percent suffered more than three security breaches in the past 24 months.

Twenty percent of respondents working at critical infrastructure organizations rated the effectiveness of their organization's security policies, procedures and technology safeguards as either "fair" or "poor."

Meanwhile, 71 percent of the critical infrastructure organizations surveyed believe that the security threat landscape will grow worse in the next 24-36 months, and 26 percent believe it will be "much worse."

The research also focused specifically on the cyber supply chain policies, processes and technical safeguards used by critical infrastructure organizations. The ESG report uncovered that only a small subset of the critical infrastructure organizations surveyed employ cyber supply chain security best practices, and ESG concludes therefore that many of these firms face an increased risk of a cyber supply chain attack that could impact business operations and service delivery to the public.

"This report highlights that many critical infrastructure organizations can immediately benefit by adopting basic cyber security and supply chain security best practices" said Jon Oltsik, principal analyst at the Enterprise Strategy Group and author of this research report.

Oltsik said that most organizations surveyed were not doing adequate security due diligence on the IT vendors that provide them with products and services. "They haven't instituted secure software development lifecycles across their enterprises, and they don't have a set of security requirements for third-party business partners with whom they share IT systems," he said. "These weaknesses create a real vulnerability and need to be addressed as soon as possible."

Chris Whitener, chief security strategist at HP, said that companies should be able to feel confident in the security of the products they deploy within their data centers. "This report demonstrates a strong client desire for secure processes throughout the supply chain, ensuring the integrity of the IT products that are developed," he said.

Whitener added that, based on the findings from this report, HP already is identifying additional security tests that can be performed during development and QA using HP capabilities like Fortify and the HP Comprehensive Applications Threat Analysis service.

Survey respondents were also asked for their input on the cybersecurity role of the US Federal Government. A vast majority (71 percent) of respondents believe that the Federal Government should be more active with cybersecurity strategies and defenses, and 31 percent believe that that the government should be significantly more active. Respondents suggested that the Federal Government should engage in actions like doing a better job of sharing security information and providing incentives like tax credits to organizations that invest in cybersecurity.

"The report clearly indicates that critical infrastructure organizations are vulnerable to attacks and expect help from the Federal Government," Oltsik said. "I can only hope that this report encourages greater public/private dialogue on cybersecurity and accelerates Federal Government action."

The report is available for download here.

See also the article "WikiLeaks - Supply Chain Edition, Part I."

Bookmark and Share

Related Links

Related Stories — Supply Chain Security


Recommended
Adobe Stock 361324625
Alexis Asks: Safer Trucking for Future Drivers
Managing editor Alexis Mizell-Pleasant asks industry experts about various topics developing in the supply chain. Campaigns like Distracted Driver Awareness Month further the importance of staying focused and alert at all times while behind the wheel.
April 23, 2024
Women In Supply Chain Vertical Color
Nominations Close June 7 for 2024 Women in Supply Chain Award
This award recognizes female supply chain leaders and executives whose accomplishments set a foundation for women in all levels of a company’s supply chain network. Submissions close June 7!
April 1, 2024
Flash is your go-to partner for service supply chain solutions
Sponsored
Flash is your go-to partner for service supply chain solutions
Flash specializes in helping OEMs meet customer SLAs. Whatever the scenario, Flash is prepared and equipped to successfully deliver your spare parts.
April 1, 2024
Latest
Miha Creative Adobe Stock 484607009
Manufacturing Sector Leads the Charge on EV and Hybrid Adoption
According to a recent Samsara report, 99% of physical operations leaders have already implemented or plan to implement a sustainability program, while 85% have said that increasing the sustainability of their operations is a high or critical priority.
April 22, 2024
Adobe Stock 404026530
SAP Unveils AI-Driven Supply Chain Innovations to Transform Manufacturing
SAP SE announces AI advancements in its supply chain solutions that will unleash a transformative wave of productivity, efficiency and precision in manufacturing.
April 22, 2024
Baltimore Bridge Christine Adobe Stock 769092028
How Baltimore Bridge Collapse Continues to Impact Shipments
Baltimore is running out of freight to pick up due to the lack of inbound shipments, so the containers at port have been sitting for a while.
April 17, 2024
Adobe Stock 470988697
Semiconductor Supply Chain Dynamics: Navigating Complexity and Change
As the market continuously changes over the course of the next few years, it will be more important than ever for suppliers to be embedded in the events that will impact them not only in the U.S. but globally in terms of geopolitical conflict.
April 20, 2024
Adobe Stock 277780456
Alexis Asks: Redefining the Carbon Footprint
Managing editor Alexis Mizell-Pleasant asks industry experts about various topics developing in the supply chain field. Earth Day is around the corner and acts as a catalyst for change, teeing up sustainability for the coming year.
April 19, 2024
Women In Supply Chain Vertical Color
Nominations Close June 7 for 2024 Women in Supply Chain Award
This award recognizes female supply chain leaders and executives whose accomplishments set a foundation for women in all levels of a company’s supply chain network. Submissions close June 7!
April 1, 2024
Anya Skomorokhova
Pros to Know: PorterLogic's Anya Skomorokhova Talks Go-to-Market Strategy
Anya Skomorokhova , co-founder and COO of PorterLogic, was named one of our Rising Stars award winners from this year’s Pros to Know award.
April 18, 2024
Stock Supply Chain Photo
Global Trade Activity Indicates Rebound in Demand for Manufactured Goods
New data from Tradeshift's Q1 Index of Global Trade Health paints an encouraging picture for global trade, with robust growth observed in China and the United States, alongside indications of a rebound in global demand for manufactured goods.
April 17, 2024
Adobe Stock 485622467
Why All Modules Are Not Created Equal
IoT modules are a critical part of the overall connectivity ecosystem. It’s therefore essential to select a credible provider that prioritizes rigorous testing to identify vulnerabilities and practices the highest level of security and transparency.
April 17, 2024
Shuo Adobe Stock 265254915
AI to Help Optimize Inventory
Peak launched a performance guarantee for inventory availability, enabling businesses to forecast, order, and balance optimal stock levels across a network.
April 16, 2024
Adobe Stock 573355948
Top 5 Tips for Businesses to Meet Sales Tax Obligations More Efficiently
Automated sales and use tax solutions can ensure precision, while also streamlining reporting capabilities and reducing audit risk.
April 13, 2024
Leestat Adobe Stock 503946321
Global Manufacturers Using Inventory Surpluses; Item Shortages Remain Lowest in 4 Years
Underlying data shows global manufacturers are using up inventory surpluses, some of which were accumulated because of Red Sea and Panama Canal disruptions, and cutting back on stockpiling activity.
April 12, 2024
K Ps Photography Adobe Stock 338059393
Greenscreens Ignite to Transform Pricing Analysis, Strategy Implementation
Greenscreens.ai launched Greenscreens Ignite, designed to transform pricing analysis and strategy implementation by enabling brokerages to craft optimized strategies.
April 12, 2024
Adobe Stock 357875609
Economy Overtakes Supply Chain Challenges as Innovation Roadblocks
Report finds respondents expect to slowly close the door on pandemic-related product development challenges, namely material shortages and supply chain disruption.
April 10, 2024
Adobe Stock 202513980
Panasonic Connect Highlights New Automated Manufacturing Solution
Panasonic Connect North America introduces new NPM-GH Pick-and-Place machine. The robotic surface-mount technology is the latest addition to Panasonic Connect’s autonomous factory lineup.
April 9, 2024
Bill Mrzlak Headshot
Pros to Know: ChainSequence's Bill Mrzlak Talks Uniting Sound Supply Chain Practices
Bill Mrzlak, president, ChainSequence, Inc., was named one of our Lifetime Achievement award winners from this year’s Pros to Know award.
April 9, 2024
Adobe Stock 498287166
Implementing PLI Proves Vital in Sustainable Product Design
A Makersite study reveals over half of organizations’ sustainability efforts are driven by regulations despite the benefits from adopting more sustainable product lifecycle intelligence (PLI).
April 8, 2024
Adobe Stock 220174007
Leveraging Recommerce to Strategically Sell Excess Goods
A reverse logistics partner can help an organization make real-time, data-backed decisions on lotting strategies, generate buyer demand and ensure excess and returned inventory is moving in and out of warehouses.
April 5, 2024
Adobe Stock 716542218 (1)
The Next AI Revolution: Helping Businesses Manage Excess Stock
AI-powered functionalities can operate both proactively—ensuring excess stock doesn’t recur—and reactively—helping teams redistribute excess stock moving forward.
April 5, 2024
Adobe Stock 231617101
While 68% of Consumers Lack Loyalty to Fintech Brands, Rewards Can Help
Tillo releases its "Bridging the Loyalty Gap: Consumer Insights for Fintech Engagement and Growth" study, unveiling that 68% of consumers feel no loyalty to fintech companies at this time.
April 3, 2024
Annika Adobe Stock 589591429
Global Business Optimism Continues to Climb, Indicating Sustained Confidence
The latest quarterly report from Dun & Bradstreet highlights a sustained positive trend in the global business outlook, with the Global Business Optimism Index rising 5.4% quarter over quarter.
April 3, 2024
Wisc Forum Logo Resized For Enl
Shattering Glass Ceilings at This Year’s Women in Supply Chain Forum
Registration is open for this year's Women in Supply Chain Forum, scheduled for Nov. 12-13 in Atlanta.
April 1, 2024
Jasont 1
Pros to Know: Nulogy's Jason Tham Talks Supply Chain Unity
Jason Tham, co-founder and CEO of Nulogy, was named one of our Lifetime Achievement award winners from this year’s Pros to Know award,
April 2, 2024
Flash is your go-to partner for service supply chain solutions
Sponsored
Flash is your go-to partner for service supply chain solutions
Flash specializes in helping OEMs meet customer SLAs. Whatever the scenario, Flash is prepared and equipped to successfully deliver your spare parts.
April 1, 2024