Supply Chain Hits Cybersecurity Hard

  • By Greg Yarrington
  • Feb 07, 2022

The unpredictable shortage of goods because of pandemic-triggered supply chain problems is broad: plastic cup lids, woodworking tools, paper goods, and lumber, to name a few.

Not to mention computer chips, the lack of which have put many production lines out of whack. Try to buy a new automobile at all, let alone one with some of the features you might want.

“Automotive manufacturers are releasing vehicles with fewer features due to the shortage of chips,” says Nuspire chief security officer J.R. Cunningham. “Cellphone charging pads, infotainment systems, and even heated seats in cars are being pulled away as options in to conserve chips so cars being sold are still drivable with that minimum level of functionality, without the bells and whistles.”

The same shortages are creating potential danger in the cybersecurity world, with stoppages creating opportunities for criminals and shortages making it harder for companies and service firms to shore up online defenses and refresh critical hardware.

Criminals watching
Companies are under surveillance as criminals see disruptions as providing advantages.

“You have a lot of ships that are sitting at sea with unpredictable lead times,” Cunningham says. “It is a ripe opportunity for attackers, especially the Russians, the Iranians, and the Chinese threat actors, who really like to break stuff in the United States and will take advantage of such situations”

In addition, pandemic-induced changes in the nature of how companies conduct business and where people work and study have provided additional opportunities to cybercriminals and state actors.

According to data from the Bureau of Labor Statistics, 17.5 million people, 11.3% of the entire workforce, worked from home in November 2021 completely due to the pandemic—down from the 48.7 million teleworking in May 2020, but still a big number. Other government data has suggested that prior to the pandemic, 13% of wage and salary workers had telework arrangements. There may be some overlap, but upwards of a quarter of the workforce might still be working from home at least part of the time, and that doesn’t account for people who cannot for various reasons work remotely.

"Covid really didn’t change anybody’s security strategy, it just drastically accelerated it—things like remote work and endpoint security, endpoint vulnerability management, and better remote connectivity, these things were already pretty much on everyone’s roadmap,” Cunningham adds.

Companies found themselves rapidly changing how they worked, which meant a sudden need to beef up cybersecurity capabilities to protect the entire enterprise, from remote endpoints to on-premises equipment and networks as well as cloud capabilities.

Supply chain double whammy
Here is where supply chain problems add a second challenge to cybersecurity. Expanded needs means upgrades to both software and hardware. Shortages of chips and other materials have an impact on product availability. Labor shortages anywhere along the supply chain affect arrival times, which can scuttle implementation schedules and plans.

“It really puts us kind of in a bind because we can’t project when things are going to get completed and we can’t move forward with technology refreshes, which exposes our clients and us in terms of using equipment and software that’s more vulnerable to the bad guys,” says Cunningham. “We have to make tradeoffs and any refresh or upgrade may be impacted months, depending on the piece of equipment that needs to be refreshed, so that’s the biggest impact.”

It’s not as though any service providers are in better shape because the issues transcend individual companies. “We talk to all our colleagues and others,” Yarrington says. “Everyone’s trying to figure out a way to manage through it and maneuver it, across the board. You can get lucky in certain spots with certain product lines, but eventually, you'll get delayed by 30 or 60 days or so. It’s universal.”

The situation is far worse for in-house efforts at corporations.

“I can’t tell you how many datacenters I have walked in and seen crusty old servers and firewalls, and network devices that are a decade-and-a-half old,” Cunningham says. “That’s not acceptable in today’s world because the bad guys can sniff that old technology out successfully, so if you're not going to be in the infrastructure business and keep stuff up to date, and you're in a situation now where you woke up and your firewall is end-of-life, you should leverage a third-party provider or the cloud to handle that for you.”

Why a service provider can help
Even though service providers have felt the impact of supply chain problems, they are likely in better shape to manage them, and for their clients, for two major reasons.

One is that they’re hyper aware of security issues—far more so than many corporations, which may be behind in normal maintenance and upgrading. Firms are more active in updating security at critical points, whether network equipment, servers, or endpoints. Companies are more likely to have let things go, falling further behind than the service firms are, and so with more ground to make up.

The second is that the entire firm is focused on providing security. Even during the extended supply chain issue, if they have equipment that needs updating but waiting on shipments, personnel can pay more attention to keep it safe and secure. Such firms are more likely able to keep not just themselves save, but their clients as well.

Featured

  • Survey: 48 Percent of Worshippers Feel Less Safe Attending In-Person Services

    Almost half (48%) of those who attend religious services say they feel less safe attending in-person due to rising acts of violence at places of worship. In fact, 39% report these safety concerns have led them to change how often they attend in-person services, according to new research from Verkada conducted online by The Harris Poll among 1,123 U.S. adults who attend a religious service or event at least once a month. Read Now

  • AI Used as Part of Sophisticated Espionage Campaign

    A cybersecurity inflection point has been reached in which AI models has become genuinely useful in cybersecurity operation. But to no surprise, they can used for both good works and ill will. Systemic evaluations show cyber capabilities double in six months, and they have been tracking real-world cyberattacks showing how malicious actors were using AI capabilities. These capabilities were predicted and are expected to evolve, but what stood out for researchers was how quickly they have done so, at scale. Read Now

  • Why the Future of Video Security Is Happening Outside the Cloud

    For years, the cloud has captivated the physical security industry. And for good reasons. Remote access, elastic scalability and simplified maintenance reshaped how we think about deploying and managing systems. Read Now

  • UL Solutions Launches Artificial Intelligence Safety Certification Services

    UL Solutions Inc., a global leader in safety science, today announced the launch of artificial intelligence (AI) safety certification services, enabling comprehensive assessments for evaluating the safety of AI-powered products. Read Now

  • ESA Announces Initiative to Introduce the SECURE Act in State Legislatures

    The Electronic Security Association (ESA), the national voice for the electronic security and life safety industry, has announced plans to introduce the SECURE Act in state legislatures across the country beginning in 2025. The proposal, known as Safeguarding Election Candidates Using Reasonable Expenditures, provides a clear framework that allows candidates and elected officials to use campaign funds for professional security services. Read Now

    • Guard Services
Most   Popular

New Products

  • HD2055 Modular Barricade

    Delta Scientific’s electric HD2055 modular shallow foundation barricade is tested to ASTM M50/P1 with negative penetration from the vehicle upon impact. With a shallow foundation of only 24 inches, the HD2055 can be installed without worrying about buried power lines and other below grade obstructions. The modular make-up of the barrier also allows you to cover wider roadways by adding additional modules to the system. The HD2055 boasts an Emergency Fast Operation of 1.5 seconds giving the guard ample time to deploy under a high threat situation.

  • Unified VMS

    AxxonSoft introduces version 2.0 of the Axxon One VMS. The new release features integrations with various physical security systems, making Axxon One a unified VMS. Other enhancements include new AI video analytics and intelligent search functions, hardened cybersecurity, usability and performance improvements, and expanded cloud capabilities

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area.