Businesses ignoring critical cyber security challenge

Cape Argus - MONEY - BRIAN TIMPERLEY

Brian Timperley is the managing director and co-founder of Turrito Networks, and joint MD of Dial a Nerd.

In October, a bombshell story was published claiming that an attack by Chinese spies infiltrated 30 US companies, including Amazon and Apple, and compromised the country’s technology supply chain.

The report cited 17 unidentified sources to support claims that a unit of the Chinese People’s Liberation Army infiltrated the supply chain of computer hardware maker Super Micro Computer to plant malicious chips that could be used to steal corporate and government secrets.

The chips purportedly allowed attackers to create “a stealth doorway” into any network that included the altered machines.

The report sent seismic shock waves throughout the global cyber-security industry, with tech giants Amazon and Apple flatly denying that their security had been compromised.

While companies and government agencies continue to dispute the facts, security experts are warning that even if the attack didn’t happen, it is plausible that hardware is being infiltrated and compromised within global supply chains.

While local suppliers and service providers may be working with trusted global brands to deliver products and devices to South African customers, those trusted brands have a complex supply chain that has risks and vulnerabilities of its own.

In most instances, supply chains will become compromised and there will be no knowledge of it for months or even years down the line.

While there is clearly no easy solution or patch, awareness and education are critical. Simply by becoming aware and informed of the cyber threats and vulnerabilities, business leaders can mitigate some of the potential risks.

Business leaders should communicate with vendors and suppliers and ask them the tough questions. Are they aware of the risks and what precautionary steps are they taking?

The supply chain is only truly secure when all players implement effective, co-ordinated and proactive security measures. To this end, local companies should begin to consider procedures such as annual vendor risk assessments, random spot checks on physical devices and hardware security audits on newly-acquired equipment.

Also, while cyber experts look to mitigate threats to hardware security, business owners and leaders should be implementing robust systems and procedures of their own.
