Supply Chain Hits Cybersecurity Hard

The unpredictable shortage of goods because of pandemic-triggered supply chain problems is broad: plastic cup lids, woodworking tools, paper goods, and lumber, to name a few.

Not to mention computer chips, the lack of which have put many production lines out of whack. Try to buy a new automobile at all, let alone one with some of the features you might want.

“Automotive manufacturers are releasing vehicles with fewer features due to the shortage of chips,” says Nuspire chief security officer J.R. Cunningham. “Cellphone charging pads, infotainment systems, and even heated seats in cars are being pulled away as options in to conserve chips so cars being sold are still drivable with that minimum level of functionality, without the bells and whistles.”

The same shortages are creating potential danger in the cybersecurity world, with stoppages creating opportunities for criminals and shortages making it harder for companies and service firms to shore up online defenses and refresh critical hardware.

Criminals watching
Companies are under surveillance as criminals see disruptions as providing advantages.

“You have a lot of ships that are sitting at sea with unpredictable lead times,” Cunningham says. “It is a ripe opportunity for attackers, especially the Russians, the Iranians, and the Chinese threat actors, who really like to break stuff in the United States and will take advantage of such situations”

In addition, pandemic-induced changes in the nature of how companies conduct business and where people work and study have provided additional opportunities to cybercriminals and state actors.

According to data from the Bureau of Labor Statistics, 17.5 million people, 11.3% of the entire workforce, worked from home in November 2021 completely due to the pandemic—down from the 48.7 million teleworking in May 2020, but still a big number. Other government data has suggested that prior to the pandemic, 13% of wage and salary workers had telework arrangements. There may be some overlap, but upwards of a quarter of the workforce might still be working from home at least part of the time, and that doesn’t account for people who cannot for various reasons work remotely.

"Covid really didn’t change anybody’s security strategy, it just drastically accelerated it—things like remote work and endpoint security, endpoint vulnerability management, and better remote connectivity, these things were already pretty much on everyone’s roadmap,” Cunningham adds.

Companies found themselves rapidly changing how they worked, which meant a sudden need to beef up cybersecurity capabilities to protect the entire enterprise, from remote endpoints to on-premises equipment and networks as well as cloud capabilities.

Supply chain double whammy
Here is where supply chain problems add a second challenge to cybersecurity. Expanded needs means upgrades to both software and hardware. Shortages of chips and other materials have an impact on product availability. Labor shortages anywhere along the supply chain affect arrival times, which can scuttle implementation schedules and plans.

“It really puts us kind of in a bind because we can’t project when things are going to get completed and we can’t move forward with technology refreshes, which exposes our clients and us in terms of using equipment and software that’s more vulnerable to the bad guys,” says Cunningham. “We have to make tradeoffs and any refresh or upgrade may be impacted months, depending on the piece of equipment that needs to be refreshed, so that’s the biggest impact.”

It’s not as though any service providers are in better shape because the issues transcend individual companies. “We talk to all our colleagues and others,” Yarrington says. “Everyone’s trying to figure out a way to manage through it and maneuver it, across the board. You can get lucky in certain spots with certain product lines, but eventually, you'll get delayed by 30 or 60 days or so. It’s universal.”

The situation is far worse for in-house efforts at corporations.

“I can’t tell you how many datacenters I have walked in and seen crusty old servers and firewalls, and network devices that are a decade-and-a-half old,” Cunningham says. “That’s not acceptable in today’s world because the bad guys can sniff that old technology out successfully, so if you're not going to be in the infrastructure business and keep stuff up to date, and you're in a situation now where you woke up and your firewall is end-of-life, you should leverage a third-party provider or the cloud to handle that for you.”

Why a service provider can help
Even though service providers have felt the impact of supply chain problems, they are likely in better shape to manage them, and for their clients, for two major reasons.

One is that they’re hyper aware of security issues—far more so than many corporations, which may be behind in normal maintenance and upgrading. Firms are more active in updating security at critical points, whether network equipment, servers, or endpoints. Companies are more likely to have let things go, falling further behind than the service firms are, and so with more ground to make up.

The second is that the entire firm is focused on providing security. Even during the extended supply chain issue, if they have equipment that needs updating but waiting on shipments, personnel can pay more attention to keep it safe and secure. Such firms are more likely able to keep not just themselves save, but their clients as well.

Featured

  • ASIS International and SIA Release “Complexities in the Global Security Market: 2024 Through 2026”

    ASIS International and the Security Industry Association (SIA) – the leading security associations for the security industry – have released ”Complexities in the Global Security Market: 2024 Through 2026”, a new research report that provides insights into the equipment, technologies, and employment of the global security industry, including regional market breakouts. SIA and ASIS partnered with global analytics and advisory firm Omdia to complete the research. Read Now

  • President Biden Issues Executive Order to Bolster U.S Port Cybersecurity

    On Wednesday, President Biden issued an Executive Order to bolster the security of the nation’s ports, alongside a series of additional actions that will strengthen maritime cybersecurity and more Read Now

  • Report: 15 Percent of All Emails Sent in 2023 Were Malicious

    VIPRE Security Group recently released its report titled “Email Security in 2024: An Expert Look at Email-Based Threats”. The 2024 predictions for email security in this report are based on an analysis of over 7 billion emails processed by VIPRE worldwide during 2023. This equates to almost one email for everyone on the planet. Of those, roughly 1 billion (or 15%) were malicious. Read Now

  • ASIS Announces ANSI-Approved Cannabis Security Standard

    ASIS International, a leading authority in security standards and guidelines, proudly announces the release of a pioneering American National Standards Institute (ANSI)-approved standard dedicated to cannabis security. This best-in-class standard, meticulously developed by industry experts, sets a new benchmark by providing comprehensive requirements and guidance for the design, implementation, monitoring, evaluation, and maintenance of a cannabis security program. Read Now

Featured Cybersecurity

Whitepapers

New Products

  • Compact IP Video Intercom

    Viking’s X-205 Series of intercoms provide HD IP video and two-way voice communication - all wrapped up in an attractive compact chassis. 3

  • ResponderLink

    ResponderLink

    Shooter Detection Systems (SDS), an Alarm.com company and a global leader in gunshot detection solutions, has introduced ResponderLink, a groundbreaking new 911 notification service for gunshot events. ResponderLink completes the circle from detection to 911 notification to first responder awareness, giving law enforcement enhanced situational intelligence they urgently need to save lives. Integrating SDS’s proven gunshot detection system with Noonlight’s SendPolice platform, ResponderLink is the first solution to automatically deliver real-time gunshot detection data to 911 call centers and first responders. When shots are detected, the 911 dispatching center, also known as the Public Safety Answering Point or PSAP, is contacted based on the gunfire location, enabling faster initiation of life-saving emergency protocols. 3

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area. 3