NIST Updates Supply Chain Guidance

This morning the National Institute of Standards and Technology released new guidance on securing the supply chain against cyber-attacks.

In response, please see below comments from a cybersecurity expert, who outlines the positive nature of this NIST guidance, exploring how supply chains are becoming increasingly popular targets for attack, and why it is more critical than ever to manage the cybersecurity of the supply chain.

Expert Comments

May 06, 2022
Trevor Dearing
EMEA Director of Critical Infrastructure
Illumio

It is encouraging to see NIST releasing updated guidance acknowledging the increase in cyberattacks targeting the supply chain and the consequent necessity to bolster the supply chain’s cybersecurity.

We can no longer turn a blind eye to the exponential increase in attacks on the IT systems of manufacturers, logistics companies and organisations that ultimately target the operational part of the business. The truth is threat actors have realised they can increase efficiency and profitability by compromising a single product knowing it will have impact downstream on companies who use it.

Moreover, attacks that disrupt the logistics or manufacturing process can have immediate real-world impacts, further increasing the likelihood any ransom demands will be met as organisations flounder to get critical systems back up and running. The result is that supply chain attacks have increased with a vengeance. 

A Zero Trust approach to security provides organisations with confidence in their supply chain security, because by only allowing known and verified communication between environments, security teams can be sure that an attack on the IT systems will not affect the management or logistics processes. With the move to Industry 4.0 and the adoption of cloud-connected industrial IoT, the potential impact of a ransomware attack will only continue to grow. That’s why it is important to act now and put security measures in place that will make our infrastructure resilient to attacks – even once they’ve breached our perimeter.
