magento website developer in india

2022.03.15

source:Computer world

Criminals and national funded hackers have been looking for an easily attacked goal,Network attacks that lead to supply chain continue to increase。AsSANSThe Institute recently pointed out in a report on the safety success mode of supply chain.,Some sensational events indicate the importance of establishing a safe supply chain and often updating。

magento website developer in india(magento website developer in india)· last year4moon,Many American companies's outsourcing companies—IndiaWiproThe company's credible network is broken.,And is used by criminals,We launched a network attack on this Indian company.。

(magento website developer in india)· last year5moon,AdobeFlagMagentoE-commerce platform and7000Additional third-party services in multiple commercial applications have been attacked,Lead toTicketmasterWaiting for many companies and other sensitive information。

· last year5moon,A third-party contractor to the Global Music Group(Universal Music Group)The internal server discloses a sensitive certificate,Sensitive information stored on these servers face great risks。

· last year7moon,British Information Professional Committee for British Airways(British Airways)Attend2.3A fine of US $ 100 million,Accomplish2017Net sales1.5%,The reason is that the company's website and its application have been infected by malware.,Lead to approximately50The sensitive information of 10,000 customers is transferred to the malicious website.。

(magento website developer in india)Author of the report、SANSEmerging trend supervisorJohn PescatoreExplain:“About4Ago,Network criminals began to use the supply chain as an important way to attack important goals,Supply chain security makes more important for Chief Information Security Officers.。”He said,Supply chain security recently received attention,The reason is that some people have aroused the media 'interest in this regard.。

Consulting in ChicagoLibertyConsultation group(LAG)principalArmond ?aglarSupplement:“Criminals are increasingly tend to use the vulnerabilities of third-party suppliers and subcontractors.,Because these entities' defense measures are often shaped。”

SANSReporting research identifies five key factors for effective supply chain security projects:

1.Clear supply chain security responsible person

SANSReport pointed out,Someone must be responsible for security issues in the management chain,Decision involving supply chain security must be made by the high level。The key person can be a board member、CEO、Chief operator、CEO or purchasing supervisor。To cultivate such responsible people,First requested CEOs, security officers or security managers and management,Then cooperate with them,Can't just publish security, even if you work.。

(magento website developer in india)ÇaglarPoke,Responsible person should be trusted by its upper decision makers,And should be placed flat with other relevant executives。He said:“If there is no such internal administrative mechanism,When facing traditional resources and budget restrictions on many business sectors,A suitable supply chain project may be classified as a high cost project,Leading its risk relief work is shelved。”

WebrootIs a protecting computer from viruses、Software manufacturer of malware and network fishing attack,Vice President of EngineeringDavid DufourSupplementary,Not only must be responsible,And the responsible person must be a competent,this point is very important。He explained:“Suitable responsible persons for supply chain security should have an in-depth understanding of security,But the focus of their concern should not be limited to security。They must also take into account business factors,Develop a very comprehensive process。”

(magento website developer in india)SANSofPescatoreadmit,Large companies that are more mature for security conditions,May not need a responsible person。He said:“Big company does not need to be likeITThose responsible person,The responsibility should beITThe security department undertakes,Prove that they are like the business department,Supply chain security quickly。otherwise,Business unit,‘We would rather bear the risk,I don't want to lose market share。’”

2.Know your own supplier

Report explanation,Any successful security project foundation is from asset management、Vulnerability assessment and configuration control。Report,If you don't understand what you want to protect,Then you can't guarantee its security.,Even if you understand the situation,It must also be able to detect when the risk situation has changed.。

(magento website developer in india)The report will then point out,In supply chain security,The corresponding product line management。This means finding all supply chain partners——From one partner to the supplier extended network,Vulnerability regularly,What changes do you have to detect exposure risks?。but,This may be a daunting task。

Automatic threat management solution providerVectraNetwork company's safety analysis supervisorChris MoralesIntroduce:“In some companies,A new supplier is like people using credit cards as simple as,Register a service,Can bring convenience for yourself。A similar decision is made every day,But does not include security audits or suggestions。”

magento website developer in india

Digital shadow company for digital risk protection solutions(Digital Shadows)Vice President of StrategyRick HollandSupplement,Assessing the supply chain is the most challenging work in the risks of risk management.。He explained:“It is easy in the supply chain of a multinational enterprise.1000Multiple companies。Digital transformation era,Many supply chains haveSaaSsupplier,They are more easily replaced more than traditional local suppliers。The result is an evolving transient supply chain。”

HollandContinue to explain:“More complex,The more mergers of a company,The more complex the supply chain is。All of these factors have caused supply chain risk management to become a daunting task.。”

(magento website developer in india)3.Expand multi-supply chain risk assessment method

Report reminder,General risk assessment methods do not apply to most companies。Report explanation,In order to support business response requirements and can monitor the risk level more,It may be necessary to combine various methods——Rapid“First eye”Assessment、In-depth assessment, etc.。

The report continues to point out,Whether it is in the whole or in supply chain management,A universal reason why the security department is ignored is“The security department is too slow”。Report explanation,Business departments often require business managers to withstand a certain degree of risk,Because the risk of delaying the listing is greater。Report,Supply chain security plan should have a hierarchical assessment,Support business needs。

Network security service providerPerimeterXSafety Expansion SpecialistDeepak PatelSay:“The security department should understand the factors of business and promotion of business growth.。They should enter according to business input,Priority sorting threats。”

Webrootthe company'sDufourSupplement:“Many security departments have actually be too slow.。This is a better,They actually only need a bicycle to go to the store to buy biscuits.,But it built the company's interstellar spacecraft,To fly to other solar systems。”

(magento website developer in india)Transnational Network SecurityPalo AltoNetwork company is responsible for the vice president of security operation and maintenanceEric Hallerthink,“Too slow”In fact, it is a sign that is not very good.。He said:“This is too late to participate in the safety department.,Sign from no integration of business unit needs。Establish a partnership with the business department,Early participation,And adjust according to the results,This is the best way to avoid business slowdown。”

(magento website developer in india)Automation is another way to avoid active actions too slow。Global car service company at headquartersGett,Because of deployingPanoraysCompany automation solution,Thereby solving the security problem of supply chain。

CEOEyal Sassonexplained:“Companies need to recognize that a new system is in place,and must pass a security review process to work with suppliers。”He went on to explain,“However,After using the solution we implemented for a month,Due to the very fast speed of automated solutions,Employees didn't feel like there was a glitch in their process。The platform becomes an integral step in the entire supplier's entry into the supply chain。”

4.Extended Dashboard,and to business units andITmanager report

Report recommends use of supply chain security processes and tools,Provides a visual view of current risks to non-security personnel,Enable them to incorporate risk information into their decisions。the report states,Safety systems should be integrated into any existing process,To assess the financial and viability risks of suppliers and partners。And if there is no security system,The visualization style or visualization data of the supply chain security report should be related to the procurement、as similar as possible to what logistics and business operations managers are familiar with。

magento website developer in india(magento website developer in india)LAGofÇaglarSay:“We often hear this statement,But it's true:safety is notITquestion。This is a common business conundrum,Requires acceptance and participation from all stakeholders in the business。”he continued:“Business units are often responsible for managing suppliers that provide outsourced services on their behalf。Dashboards used by various business units,Valuable data can be generated for higher risk suppliers,These suppliers have accumulated a high risk in some ways,action is needed。”

Çaglaradded:“This allows business units to insist on certain technical or management controls,as a condition of continued business with the supplier,even as a means of renegotiating the terms of service-level agreements。”

5.Close the loop with suppliers

The report explains,Manufacturers have known for a long time,Simply weeding out inferior suppliers is not a good way to successfully implement a quality control program。they realize they have to“closed loop”——Provide feedback to encourage all suppliers to adopt higher quality processes。

The report goes on to state,The same goes for supply chain security programs。An effective supply chain security program must include feedback to suppliers,As well as providing assessment and rating results in a visual way,The purpose is to correct unresolved issues and drive improvement as a whole。

(magento website developer in india)Report alerts business leaders,When Attacks Against Supply Chain Partners Succeed,Customers will blame the business,rather than the supply chain。the report states,Most direct attacks against the supply chain can be defended against with basic security environment safeguards,This is a key fundamental factor。Supply chain security programs should be very flexible,Only then can it keep pace with the scale and speed of purchasing decisions。

The report added,The good news is,For many boards and clients,They believe supply chain security is a top priority。The report also pointed out,By demonstrating a strategic approach to improving or creating a supply chain security program,Security managers have access to the necessary change support,to more effectively improve the security of the supply chain。

author:John MelloWrote articles on technology and cybersecurity for many web publications,former《Boston Business Journal》and《boston phoenix》Editor-in-Chief of。

compile:Charles

Original URL:
https://www.csoonline.com/article/3449238/5-keys-to-protect-your-supply-chain-from-cyberattacks.html

返回列表
更多新闻资讯