Supply Chain Hits Cybersecurity Hard

The unpredictable shortage of goods because of pandemic-triggered supply chain problems is broad: plastic cup lids, woodworking tools, paper goods, and lumber, to name a few.

Not to mention computer chips, the lack of which have put many production lines out of whack. Try to buy a new automobile at all, let alone one with some of the features you might want.

“Automotive manufacturers are releasing vehicles with fewer features due to the shortage of chips,” says Nuspire chief security officer J.R. Cunningham. “Cellphone charging pads, infotainment systems, and even heated seats in cars are being pulled away as options in to conserve chips so cars being sold are still drivable with that minimum level of functionality, without the bells and whistles.”

The same shortages are creating potential danger in the cybersecurity world, with stoppages creating opportunities for criminals and shortages making it harder for companies and service firms to shore up online defenses and refresh critical hardware.

Criminals watching
Companies are under surveillance as criminals see disruptions as providing advantages.

“You have a lot of ships that are sitting at sea with unpredictable lead times,” Cunningham says. “It is a ripe opportunity for attackers, especially the Russians, the Iranians, and the Chinese threat actors, who really like to break stuff in the United States and will take advantage of such situations”

In addition, pandemic-induced changes in the nature of how companies conduct business and where people work and study have provided additional opportunities to cybercriminals and state actors.

According to data from the Bureau of Labor Statistics, 17.5 million people, 11.3% of the entire workforce, worked from home in November 2021 completely due to the pandemic—down from the 48.7 million teleworking in May 2020, but still a big number. Other government data has suggested that prior to the pandemic, 13% of wage and salary workers had telework arrangements. There may be some overlap, but upwards of a quarter of the workforce might still be working from home at least part of the time, and that doesn’t account for people who cannot for various reasons work remotely.

"Covid really didn’t change anybody’s security strategy, it just drastically accelerated it—things like remote work and endpoint security, endpoint vulnerability management, and better remote connectivity, these things were already pretty much on everyone’s roadmap,” Cunningham adds.

Companies found themselves rapidly changing how they worked, which meant a sudden need to beef up cybersecurity capabilities to protect the entire enterprise, from remote endpoints to on-premises equipment and networks as well as cloud capabilities.

Supply chain double whammy
Here is where supply chain problems add a second challenge to cybersecurity. Expanded needs means upgrades to both software and hardware. Shortages of chips and other materials have an impact on product availability. Labor shortages anywhere along the supply chain affect arrival times, which can scuttle implementation schedules and plans.

“It really puts us kind of in a bind because we can’t project when things are going to get completed and we can’t move forward with technology refreshes, which exposes our clients and us in terms of using equipment and software that’s more vulnerable to the bad guys,” says Cunningham. “We have to make tradeoffs and any refresh or upgrade may be impacted months, depending on the piece of equipment that needs to be refreshed, so that’s the biggest impact.”

It’s not as though any service providers are in better shape because the issues transcend individual companies. “We talk to all our colleagues and others,” Yarrington says. “Everyone’s trying to figure out a way to manage through it and maneuver it, across the board. You can get lucky in certain spots with certain product lines, but eventually, you'll get delayed by 30 or 60 days or so. It’s universal.”

The situation is far worse for in-house efforts at corporations.

“I can’t tell you how many datacenters I have walked in and seen crusty old servers and firewalls, and network devices that are a decade-and-a-half old,” Cunningham says. “That’s not acceptable in today’s world because the bad guys can sniff that old technology out successfully, so if you're not going to be in the infrastructure business and keep stuff up to date, and you're in a situation now where you woke up and your firewall is end-of-life, you should leverage a third-party provider or the cloud to handle that for you.”

Why a service provider can help
Even though service providers have felt the impact of supply chain problems, they are likely in better shape to manage them, and for their clients, for two major reasons.

One is that they’re hyper aware of security issues—far more so than many corporations, which may be behind in normal maintenance and upgrading. Firms are more active in updating security at critical points, whether network equipment, servers, or endpoints. Companies are more likely to have let things go, falling further behind than the service firms are, and so with more ground to make up.

The second is that the entire firm is focused on providing security. Even during the extended supply chain issue, if they have equipment that needs updating but waiting on shipments, personnel can pay more attention to keep it safe and secure. Such firms are more likely able to keep not just themselves save, but their clients as well.

Featured

  • 12 Commercial Crime Sites to Do Your Research

    12 Commercial Crime Sites to Do Your Research

    Understanding crime statistics in your industry and area is crucial for making important decisions about your security budget. With so much information out there, how can you know which statistics to trust? Read Now

  • Boosting Safety and Efficiency

    Boosting Safety and Efficiency

    In alignment with the state of Mississippi’s mission of “Empowering Mississippi citizens to stay connected and engaged with their government,” Salient's CompleteView VMS is being installed throughout more than 150 state boards, commissions and agencies in order to ensure safety for thousands of constituents who access state services daily. Read Now

  • Live From GSX: Post-Show Review

    Live From GSX: Post-Show Review

    This year’s Live From GSX program was a rousing success! Again, we’d like to thank our partners, and IPVideo, for working with us and letting us broadcast their solutions to the industry. You can follow our Live From GSX 2023 page to keep up with post-show developments and announcements. And if you’re interested in working with us in 2024, please don’t hesitate to ask about our Live From programs for ISC West in March or next year’s GSX. Read Now

    • Industry Events
    • GSX
  • People Say the Funniest Things

    People Say the Funniest Things

    By all accounts, GSX version 2023 was completely successful. Apparently, there were plenty of mix-ups with the airlines and getting aircraft from the East Coast into Big D. I am all ears when I am in a gathering of people. You never know when a nugget of information might flip out. Read Now

    • Industry Events
    • GSX

Featured Cybersecurity

Webinars

New Products

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area. 3

  • EasyGate SPT and SPD

    EasyGate SPT SPD

    Security solutions do not have to be ordinary, let alone unattractive. Having renewed their best-selling speed gates, Cominfo has once again demonstrated their Art of Security philosophy in practice — and confirmed their position as an industry-leading manufacturers of premium speed gates and turnstiles. 3

  • Camden CV-7600 High Security Card Readers

    Camden CV-7600 High Security Card Readers

    Camden Door Controls has relaunched its CV-7600 card readers in response to growing market demand for a more secure alternative to standard proximity credentials that can be easily cloned. CV-7600 readers support MIFARE DESFire EV1 & EV2 encryption technology credentials, making them virtually clone-proof and highly secure. 3