Supply Chain Hits Cybersecurity Hard

  • By Greg Yarrington
  • Feb 07, 2022

The unpredictable shortage of goods because of pandemic-triggered supply chain problems is broad: plastic cup lids, woodworking tools, paper goods, and lumber, to name a few.

Not to mention computer chips, the lack of which have put many production lines out of whack. Try to buy a new automobile at all, let alone one with some of the features you might want.

“Automotive manufacturers are releasing vehicles with fewer features due to the shortage of chips,” says Nuspire chief security officer J.R. Cunningham. “Cellphone charging pads, infotainment systems, and even heated seats in cars are being pulled away as options in to conserve chips so cars being sold are still drivable with that minimum level of functionality, without the bells and whistles.”

The same shortages are creating potential danger in the cybersecurity world, with stoppages creating opportunities for criminals and shortages making it harder for companies and service firms to shore up online defenses and refresh critical hardware.

Criminals watching
Companies are under surveillance as criminals see disruptions as providing advantages.

“You have a lot of ships that are sitting at sea with unpredictable lead times,” Cunningham says. “It is a ripe opportunity for attackers, especially the Russians, the Iranians, and the Chinese threat actors, who really like to break stuff in the United States and will take advantage of such situations”

In addition, pandemic-induced changes in the nature of how companies conduct business and where people work and study have provided additional opportunities to cybercriminals and state actors.

According to data from the Bureau of Labor Statistics, 17.5 million people, 11.3% of the entire workforce, worked from home in November 2021 completely due to the pandemic—down from the 48.7 million teleworking in May 2020, but still a big number. Other government data has suggested that prior to the pandemic, 13% of wage and salary workers had telework arrangements. There may be some overlap, but upwards of a quarter of the workforce might still be working from home at least part of the time, and that doesn’t account for people who cannot for various reasons work remotely.

"Covid really didn’t change anybody’s security strategy, it just drastically accelerated it—things like remote work and endpoint security, endpoint vulnerability management, and better remote connectivity, these things were already pretty much on everyone’s roadmap,” Cunningham adds.

Companies found themselves rapidly changing how they worked, which meant a sudden need to beef up cybersecurity capabilities to protect the entire enterprise, from remote endpoints to on-premises equipment and networks as well as cloud capabilities.

Supply chain double whammy
Here is where supply chain problems add a second challenge to cybersecurity. Expanded needs means upgrades to both software and hardware. Shortages of chips and other materials have an impact on product availability. Labor shortages anywhere along the supply chain affect arrival times, which can scuttle implementation schedules and plans.

“It really puts us kind of in a bind because we can’t project when things are going to get completed and we can’t move forward with technology refreshes, which exposes our clients and us in terms of using equipment and software that’s more vulnerable to the bad guys,” says Cunningham. “We have to make tradeoffs and any refresh or upgrade may be impacted months, depending on the piece of equipment that needs to be refreshed, so that’s the biggest impact.”

It’s not as though any service providers are in better shape because the issues transcend individual companies. “We talk to all our colleagues and others,” Yarrington says. “Everyone’s trying to figure out a way to manage through it and maneuver it, across the board. You can get lucky in certain spots with certain product lines, but eventually, you'll get delayed by 30 or 60 days or so. It’s universal.”

The situation is far worse for in-house efforts at corporations.

“I can’t tell you how many datacenters I have walked in and seen crusty old servers and firewalls, and network devices that are a decade-and-a-half old,” Cunningham says. “That’s not acceptable in today’s world because the bad guys can sniff that old technology out successfully, so if you're not going to be in the infrastructure business and keep stuff up to date, and you're in a situation now where you woke up and your firewall is end-of-life, you should leverage a third-party provider or the cloud to handle that for you.”

Why a service provider can help
Even though service providers have felt the impact of supply chain problems, they are likely in better shape to manage them, and for their clients, for two major reasons.

One is that they’re hyper aware of security issues—far more so than many corporations, which may be behind in normal maintenance and upgrading. Firms are more active in updating security at critical points, whether network equipment, servers, or endpoints. Companies are more likely to have let things go, falling further behind than the service firms are, and so with more ground to make up.

The second is that the entire firm is focused on providing security. Even during the extended supply chain issue, if they have equipment that needs updating but waiting on shipments, personnel can pay more attention to keep it safe and secure. Such firms are more likely able to keep not just themselves save, but their clients as well.

Featured

  • Pragmatism, Productivity, and the Push for Accountability in 2025-2026

    Every year, the security industry debates whether artificial intelligence is a disruption, an enabler, or a distraction. By 2025, that conversation matured, where AI became a working dimension in physical identity and access management (PIAM) programs. Observations from 2025 highlight this turning point in AI’s role in access control and define how security leaders are being distinguished based on how they apply it. Read Now

  • Report: Cyber Attackers Continue to Turn to AI-Based Tools to Avoid Detection

    Comcast Business recently released its 2025 Cybersecurity Threat Report, a comprehensive analysis of 34.6 billion cybersecurity events detected between June 1,2024 and May 31, 2025. Now in its third year, the report offers business leaders a unique perspective into the evolving threat landscape and provides actionable insights to help organizations strengthen their defenses and align cybersecurity with business risk. Read Now

  • Axis Communications Creates AI-powered Video Surveillance Orchestra

    What if cameras could not only see the world, but interpret it—and respond like orchestra musicians reading sheet music: instantly, precisely, and in perfect harmony? That’s what global network technology leader Axis Communications set to find out. Read Now

  • Just as Expected

    GSX produced a wonderful tradeshow earlier this week. Monday was surprisingly strong in the morning, and the afternoon wasn’t bad at all. That’s Monday’s results and asking attendees to travel on Sunday. Just a quick hint, no one wants to give up their weekend to travel and set up an exhibit booth. I’m just saying. Read Now

    • Industry Events
    • GSX

  • NOLA: The Crescent City

    Twenty years later we finds ourselves in New Orleans. Twenty years ago the aftermath of Hurricane Katrina forced exhibitors and attendees to look elsewhere for tradeshow floor space. Read Now

    • Industry Events
    • GSX
Most   Popular

New Products

  • PE80 Series

    PE80 Series by SARGENT / ED4000/PED5000 Series by Corbin Russwin

    ASSA ABLOY, a global leader in access solutions, has announced the launch of two next generation exit devices from long-standing leaders in the premium exit device market: the PE80 Series by SARGENT and the PED4000/PED5000 Series by Corbin Russwin. These new exit devices boast industry-first features that are specifically designed to provide enhanced safety, security and convenience, setting new standards for exit solutions. The SARGENT PE80 and Corbin Russwin PED4000/PED5000 Series exit devices are engineered to meet the ever-evolving needs of modern buildings. Featuring the high strength, security and durability that ASSA ABLOY is known for, the new exit devices deliver several innovative, industry-first features in addition to elegant design finishes for every opening.

  • ResponderLink

    ResponderLink

    Shooter Detection Systems (SDS), an Alarm.com company and a global leader in gunshot detection solutions, has introduced ResponderLink, a groundbreaking new 911 notification service for gunshot events. ResponderLink completes the circle from detection to 911 notification to first responder awareness, giving law enforcement enhanced situational intelligence they urgently need to save lives. Integrating SDS’s proven gunshot detection system with Noonlight’s SendPolice platform, ResponderLink is the first solution to automatically deliver real-time gunshot detection data to 911 call centers and first responders. When shots are detected, the 911 dispatching center, also known as the Public Safety Answering Point or PSAP, is contacted based on the gunfire location, enabling faster initiation of life-saving emergency protocols.

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area.