SecurityBrief Australia logo
Australia's leading source of security and threat news
Story image
NASA got hacked (again)
Story image
Huawei CEO goes public on CFO arrest & China security concerns
Story image
A10’s app delivery solution now on Azure Marketplace
Story image

Disruption in the supply chain: Why IT resilience is a collective responsibility

14 Dec 18
Contributor

Article by Sandra Bell, Head of Resilience, Sungard Availability Services

Organisations are built upon complex and diverse networks of interconnected players. However, the technology that has enabled these players to work together can also make them vulnerable. 

On one hand, the globalisation of information systems has provided the means for organisational growth and economic prosperity through the easy access of highly available information. On the other, it has facilitated the democratisation of the cyber threat by making the skills and knowledge to exploit information systems widely available. 

Likewise, disruption, of any type, at one end of the chain can reverberate throughout the entire network. For example, the so-called ‘NotPetya’ attack originated from a single implementation targeted at Ukraine but ultimately spread well beyond its borders along supply chains to affect numerous companies globally, causing hundreds of millions of dollars of damages.

But organisations do not have a monopoly on these communication structures and social media has enabled highly public two-way conversations between those at the root of the disruption and those impacted by it, providing a platform for the latter to voice their grievances. 

Unfortunately for organisations, this can have potentially devastating consequences for their relationships with stakeholders and the reputations on which they are built. Competition is fierce, and these stakeholders can, and will, take action to cut businesses out of their global supply chain if they are considered a risk.

Mitigating supply chain risk

Business Continuity teaches us to minimise our supply chain risk by having multiple suppliers for key products and services. 

It has also become common practice to try to further reduce risk by arms-length contracting and “incentivising” supplier performance with hefty fines for non-delivery. These are both excellent strategies if all you want to do is “survive” a disruption. 

However, the modern consumer, who has access to the global marketplace, is no longer satisfied to wait for an organisation to execute a heroic recovery and will vote with their feet at the first sign of trouble.

Organisations, therefore, need to be able to “thrive” despite uncertainty and disruption. To do this, they need friends.

Best practice for networked operations

There are three key ingredients to being able to thrive. First, businesses need to be adaptive, knowing when to change and optimising operations according to the outside environment. Leadership is also crucial – with leaders instilling in people the will to succeed during challenging times. The third and final area - one which is frequently neglected by organisations - is their network. 

Forging and maintaining effective relationships with stakeholders, customers and suppliers is a key component not simply to being able to maintain successful operations, but also to maintaining a competitive advantage and achieving profit and growth. 

This is where an IT can really help. We saw earlier that globalised IT systems facilitated growth and how it has been used against us to create a vulnerability. But if organisations have resilient IT both internally and with their partners, they can also use it to ensure that relationships do not crack under pressure. 

Using IT resilience to promote trust agility and collaboration

How can organisations move from arms-length adversarial relationships to one where they are mutually supportive without placing themselves at undue risk? The first thing to do will be assessing the value of each relationship.

 For example, if the value is measured simply by the commercial contribution that each person makes, the relationship will only be safe when a hard value is being provided.

In contrast, closely coupled networks - where parties help each other out when things go wrong - will be more resilient. Highly collaborative relationships where knowledge and insights are shared mean that people will think twice about dropping you like a stone when things go wrong.

Here are five ways organisations can use IT resilience to create collaborative relationships and boost resilience:

  1. Aim for flexible business relationships - Flexible relationships facilitated by regular information exchanges are mutually beneficial and supportive rather than adversarial. The marker of a resilient organisation is one that is not totally averse to taking risks, and look instead at how the risks of the entire value chain can be best shared among its players
  2. Build strong communications – Shared resilient IT will provide multiple channels through which you can have a constant dialogue with your suppliers, vendors and customers. It will also allow you to talk to them at the earliest stage possible when something goes wrong demonstrating foresight, agility and integrity which will help businesses to avoid grievances being shared on social media
  3. Show commitment to the relationship – Work together to build resilient connections. Businesses that have a vested interest in working on joint future products and services signal to the rest of the network that they are investing for the future rather than just in it for the profit
  4. Ensure that relationships are a strategic issue – IT resilience is often seen as a cost or an insurance for when something goes wrong. However, relationships can be existential. Therefore, if you want the attention of the board make corporate resilience your driver for IT resilience
  5. Practice as a team – When multiple organisations respond together, things get complex. A football team wouldn’t enter into a tournament where the first time the players meet is on the pitch. Organisations should, therefore, use their IT infrastructure connection to wargame their responses to different scenarios and learn how each other responds before it has to be done for real

Weathering the storm

A simple software glitch somewhere in your supply chain is all it takes for you to experience disruption. While most organisations will invest time and money drawing up contingency plans to get the business back on its feet in as short a time as possible, attention must also be paid to the impact a disruption can have on the networks in which they are embedded. 

A robust and agile IT infrastructure can not only be used for transactional purposes between customer and supplier but can also be used to ensure that key relationships with other components of the supply chain are nurtured. A truly resilient organisation will invest in building strong relationships 'while the sun shines' so they can draw on goodwill when it rains.

More:
Share on: LinkedIn Twitter Facebook
Story image
NASA got hacked (again)
Story image
Huawei CEO goes public on CFO arrest & China security concerns
Story image
A10’s app delivery solution now on Azure Marketplace
Virtustream launches cloud automation and security capabilities
Virtustream Enterprise Cloud enhancements accelerate time-to-value for enterprises moving mission critical apps to the cloud.
Twitter suspects state-sponsored ties to support forum breach
One of Twitter’s support forums was hit by a data breach that may have ties to a state-sponsored attack, however users' personal data was exposed.
How McAfee aims to curb enterprise data loss
McAfee DLP aims to help safeguard intellectual property and ensure compliance by protecting sensitive data.
2018 sees 1,500% increase in coinmining malware - report
This issue will only continue to grow as IoT forms the foundation of connected devices and smart city grids.
2019 threat landscape predictions - Proofpoint
Proofpoint researchers have looked ahead at the trends and events likely to shape the threat landscape in the year to come.
Exclusive: Three access management learnings from 2018
There was a renewed global response to data security in 2018, placing pressure on organisations to assume more responsibility for the data they hold.
Mac malware on WatchGuard’s top ten list for first time
The report is based on data from active WatchGuard Firebox unified threat management appliances and covers the major malware campaigns.
Bin 'em: Those bomb threat emails are complete hoaxes
A worldwide spate of spam emails claiming there is a bomb in the recipient’s building is almost certainly a hoax.
Story image
Marriott sets up call centres to answer questions on data breach
Marriott has released an update on the breach of the Starwood guest reservation data breach which affected 500 million guests.
Story image
Huawei and Oppo fastest growing handsets in Oz
Although they still are far from Apple and Samsung's numbers, the Chinese manufacturers are staking their claim on a piece of the Aussie market.
Story image
Why there will be a battle for the cloud in 2019
Cloud providers such as AWS, Azure, and Google will likely find themselves in a mad scramble to gain additional enterprise customers.
Story image
Using blockchain to ensure regulatory compliance
“Data privacy regulations such as the GDPR require you to put better safeguards in place to protect customer data, and to prove you’ve done it."
Download image
Whitepaper: How physical access control got where it is today
Despite the enhanced security and convenience that comes from newer options, many organisations are still using outdated and vulnerable access control technology.
Download
Story image
SailPoint releases first identity annual report
SailPoint’s research found that many organisations are lacking maturity in their governance processes over identities.
Story image
Is Supermicro innocent? 3rd party test finds no malicious hardware
One of the larger scandals within IT circles took place this year with Bloomberg firing shots at Supermicro - now Supermicro is firing back.
Story image
How to keep network infrastructure secure and available
Two OVH executives have weighed in on how network infrastructure and the challenges in that space will be evolving in the coming year.
Story image
Symantec releases neural network-integrated USB scanning station
Symantec Industrial Control System Protection Neural helps defend against USB-borne cyber attacks on operational technology.
Download image
Whitepaper: Taking an integrated approach to combatting ransomware
Rather than having multiple different solutions, businesses need to ensure their endpoint management, malware and backup solutions are providing full coverage.
Download
Story image
Gartner names LogRhythm leader in SIEM solutions
Security teams increasingly need end-to-end SIEM solutions with native options for host- and network-level monitoring.
Download image
CASE STUDY: Prototyping the most ambitious innovation in audio design yet
Central Innovation helped Nura leverage CAD software SOLIDWORKS to refine and prototype the Nuraphone.
Download
Story image
Dell EMC embeds security in latest servers
Dell EMC's 14th generation of PowerEdge servers has comprehensive management tools to provide security across hardware and firmware.
Story image
Google Cloud, Palo Alto Networks extend partnership
Google Cloud and Palo Alto Networks have extended their partnership to include more security features and customer support for all major public clouds.
Download image
Digitally transform or fall behind - 3 key points to remember
In this report Unisys details three key areas focus on when implementing a successful digital transformation as with every opportunity comes risk.
Download
Story image
Disruption in the supply chain: Why IT resilience is a collective responsibility
"A truly resilient organisation will invest in building strong relationships while the sun shines so they can draw on goodwill when it rains."
Story image
Sponsored
How tech is leading a people-first approach to healthcare
Predictive care management & digital databases: Healthcare is being transformed
Download image
Report: How IT Is responding to digital disruption and innovation
Today “every company is in the software business" to get a competitive edge, and this survey reveals how app dev is affecting IT teams.
Download
Story image
Proofpoint launches feature to identify most targeted users
“One of the largest security industry misconceptions is that most cyberattacks target top executives and management.”
Story image
Symantec and Fortinet partner for integration
The partnership will deliver essential security controls across endpoint, network, and cloud environments.
Story image
McAfee named Leader in Magic Quadrant an eighth time
The company has been once again named as a Leader in the Gartner Magic Quadrant for Security Information and Event Management.
Download image
SIEM can improve security or make it worse – here’s how to get it right
According to Frost & Sullivan, SIEM can either be an enabler or a retardant and there's a thin line between the two - here's the key attributes.
Download
Story image
52mil users affected by Google+’s second data breach
Google+ APIs will be shut down within the next 90 days, and the consumer platform will be disabled in April 2019 instead of August 2019 as originally planned.
Story image
WatchGuard appoints new channel distributors in A/NZ
The appointments will enable WatchGuard to expand its regional channel reseller footprint.
Story image
What disaster recovery will look like in 2019
“With nearly half of all businesses experiencing an unrecoverable data event in the last three years, current backup solutions are no longer fit for purpose."
Download image
The six golden keys to successful identity assurance
When someone tries to access your internal systems, how can you be sure a user is who they claim to be?
Download
Download image
Whitepaper: How Philips drives security and privacy in healthcare
Personal data within healthcare records is most valuable, as it can be used, for example, for various malicious purposes.
Download
Download image
Whitepaper: Using your data and AI to tighten cybersecurity
ResponSight focuses on two key areas of cybersecurity – threat detection and enterprise risk measurement – and the need for more sophisticated approaches in each.
Download
Story image
A10 aims to secure Kubernetes container environments
The solution aims to provide teams deploying microservices applications with an automated way to integrate enterprise-grade security with comprehensive application visibility and analytics.
Story image
Palo Alto Networks integrates RedLock and VM-Series with AWS Security Hub
AWS Security Hub is designed to provide users with a comprehensive view of their high-priority security alerts and compliance status.
Story image
JASK prepares for global rollout of their AI-powered ASOC platform
The JASK ASOC platform automates alert investigations, supposedly freeing the SOC analyst to do what machines can’t. 
Download image
Whitepaper: How close is your organisation to GDPR compliance?
One of the most significant changes in global privacy law in the last 20 years is the introduction of the EU’s General Data Protection Regulation (GDPR).
Download
Story image
Gartner names newcomer Exabeam a leader in SIEM
The vendor landscape for SIEM is evolving, with recent entrants bringing technologies optimised for analytics use cases.
Download image
Insights: How 'digital trust' can create competitive advantages
Business leaders can wait and be forced to respond to market change, or they can embrace digital and lead market change themselves.
Download
Download image
Whitepaper: How to protect your business from insider threats
Critical data has moved to the cloud and employees are able to access it from any network, wherever they are in the world.
Download
Download image
A guide to compliance in this new world of legislation
Every day another country joins the fight agains breaches with legislation. Get compliant and stay compliant with this detailed whitepaper.
Download
Story image
Sponsored
Using layered security to stay safe over the holidays
SonicWall’s Capture Labs threat researchers recorded 28 times more ransomware attacks on Black Friday compared to last year.
Story image
Pitfalls to avoid when configuring cloud firewalls
Flexibility and granularity of security controls is good but can still represent a risk for new cloud adopters that don’t recognise some of the configuration pitfalls.
Download image
Infographic: Top security concerns driving Australians
The Unisys Security Index study polled over 1,000 adults between August 19 to September 3, 2018.
Download
Download image
Whitepaper: An inside look at the benefits of cloud
"Cloud computing is revolutionising business, enabling organisations to move faster, spend less and deliver greater value."
Download
Story image
SolarWinds adds SDN monitoring support to network management portfolio
SolarWinds announced a broad refresh to its network management portfolio, as well as key enhancements to the Orion Platform. 
Story image
Securing hotel technology to protect customer information
Network security risks increase exponentially as hotels look to incorporate newer technologies to support a range of IoT devices, including smart door locks.
Download image
Avoid underutilising office space with optimisation solutions
Facility managers and security professionals need a real-time view of how their workforce interacts with a building.
Download
Download image
Whitepaper: The key to compliance is governing access to data
By implementing a governance-based approach to identity governance, companies can secure their organisation’s sensitive data.
Download
Story image
How to stay safe when shopping online
Online shopping is a great way to avoid the crowds – but there are risks.
Download image
Whitepaper: How to detect and respond to threats faster
This white paper uncovers how UEBA reduces your organisational risk and enables you to respond more quickly to attacks.
Download
Story image
Sponsored
Privileged credentials: They're like diamonds for criminals
Criminals are looking to steal any credentials that could allow for privilege escalation.  
Story image
Why total visibility is the key to zero trust
Over time, the basic zero trust model has evolved and matured into what Forrester calls the Zero Trust eXtended (ZTX) Ecosystem.
Story image
Gartner names Proofpoint Leader in enterprise information archiving
The report provides a detailed overview of the enterprise information archiving market and evaluates vendors based on completeness of vision and ability to execute.
Download image
Whitepaper: Three changes that will make security teams more effective
Organisations are spending more and more money on cybersecurity preventive measures, yet the breaches seem to keep increasing.
Download
Download image
Whitepaper: DNS security for dummies
This whitepaper explores the fundamentals of DNS security and outlines some of the major threats you'll face.
Download
Story image
Corelight and Exabeam partner to improve network monitoring
The combination of lateral movement and siloed usage of point security products leaves many security teams vulnerable to compromise.
Story image
Businesses focusing on threats from within - survey
Over 50% of respondents reported that 100 days of dwell time or more was representative of their organisation.
Story image
Juniper simplifies data integration to improve threat detection
Updates to the Juniper Advanced Threat Prevention Appliances leverage third-party firewalls and security data sources.
Download image
Whitepaper: Why it’s critical to detect cyber attacks as they happen
"Many organisations are struggling to keep pace with the speed in which hackers are attacking their systems."
Download
Story image
DigiCert conquers Google's distrust of Symantec certs
“This could have been an extremely disruptive event to online commerce," comments DigiCert CEO John Merrill. 
Story image
25% of malicious emails still make it through to recipients
Popular email security programmes may fail to detect as much as 25% of all emails with malicious or dangerous attachments, a study from Mimecast says.
Download image
Product review: LogRhythm CloudAI a revolutionary tool
SANS has provided an independent review of a new AI analytics solution designed to rescue businesses 'drowning in data' from SIEM platforms.
Download
Story image
One Identity a Visionary in Magic Quad for PAM
One Identity was recognised in the Gartner Magic Quadrant for Privileged Access Management for completeness of vision and ability to execute.
Story image
Sponsored
The Implications of a data disaster and why effective DR is critical
93 percent of companies without disaster recovery who suffer a major data disaster are out of business within one year.
Download image
Whitepaper: Five key ways to lock down BYOD with MFA
IT and security managers need to move beyond usernames and passwords, expanding their use of multi-factor authentication (MFA) to help provide secure and convenient access.
Download
Story image
Tensions on the rise after Huawei CFO arrest
“Recently our corporate CFO, Meng Wanzhou, was provisionally detained by the Canadian authorities on behalf of the United States of America."
Download image
Whitepaper: The 2018 Unisys security index
Globally security concerns among individuals continue to hold at the highest level ever recorded.
Download
Story image
Ramping up security with next-gen firewalls
The classic firewall lacked the ability to distinguish between different kinds of web traffic.
Story image
Businesses too slow on attack detection – CrowdStrike
The 2018 CrowdStrike Services Cyber Intrusion Casebook reveals IR strategies, lessons learned, and trends derived from more than 200 cases.
Story image
Cylance makes APIs available in endpoint detection offering
Extensive APIs enable security teams to more efficiently view, enrich, and contextualise real-time intelligence collected at the endpoint to keep systems secure.
Story image
Why data backups should be a part of daily operations
"Disaster recovery needs to address complete system failure and provide a set of security policies to govern disaster incidents."