Businesses ignoring critical cyber security challenge
IN OCTOBER, a bombshell story was published claiming that an attack by Chinese spies infiltrated 30 US companies, including Amazon and Apple, and compromised the country’s technology supply chain.
The report cited 17 unidentified sources to support claims that a unit of the Chinese People’s Liberation Army infiltrated the supply chain of computer hardware maker Super Micro Computer to plant malicious chips that could be used to steal corporate and government secrets.
The chips purportedly allowed attackers to create “a stealth doorway” into any network that included the altered machines.
The report sent seismic shock waves throughout the global cyber-security industry, with tech giants Amazon and Apple flatly denying that their security had been compromised.
While companies and government agencies continue to dispute the facts, security experts are warning that even if the attack didn’t happen, it is plausible that hardware is being infiltrated and compromised within global supply chains.
While local suppliers and service providers may be working with trusted global brands to deliver products and devices to South African customers, those trusted brands have complex supply chains that have risks and vulnerabilities of their own.
In most instances, supply chains will become compromised and there will be no knowledge of it for months or even years down the line.
While there is clearly no easy solution or patch, awareness and education are critical. Simply by becoming aware and informed of the cyber threats and vulnerabilities, business leaders can mitigate some of the potential risks.
Business leaders should communicate with vendors and suppliers and ask them the tough questions. Are they aware of the risks and what precautionary steps are they taking?
The supply chain is only truly secure when all players implement effective, co-ordinated and proactive security measures. To this end, local companies should begin to consider procedures such as annual vendor risk assessments, random spot checks on physical devices and hardware security audits on newly acquired equipment.
Also, while cyber experts look to mitigate threats to hardware security, business owners and leaders should be implementing robust systems and procedures of their own.