Over the past several years, attacks have targeted supply chains across multiple industries and have impacted both the actual operations of the supply chain and the products that these supply chains produce. The supply chain is vulnerable to cyber and physical attacks that can lead to critical operational disruptions, significant damage to brand and reputation, product safety, loss or theft of intellectual property, and substantial fines and fees. What’s more, these types of attacks are increasing and growing in sophistication as the supply chains of major industries are a prime target for malicious actors.
We are seeing the very tools that were previously only available to nation-state attackers being used by sophisticated attackers for corporate espionage, profit and disruption [1]. These very attackers are looking to disrupt critical supply chains and infrastructure much like a nation-state would have in the past. Previously, attackers were only able to target a few computers at once; attacks are now widespread, which makes them much more dangerous. You are always a prime target, for state-sponsored attackers and many others.
In Gartner's “Future of Supply Chain Study” [2], Heads of Supply Chain were asked, “In terms of data security/IT incidents as a supply chain risk, which of the following capabilities does your company have?” Responses show that organizational adequacy to handle data security is varied.
In the Forrester Analytics Global Business Technographics® Security Survey, 2018 [3], 55% of enterprise network security decision makers reported experiencing at least one breach in the past 12 months. Forty-four percent of those breaches were the result of an internal incident involving an employee or business partner. Internal incidents can involve employees who simply make poor decisions regarding the handling and use of the firm’s sensitive data – or employees with malicious intent. Malicious insiders can also work in collusion with external threat actors: 41% of the breaches that enterprise respondents reported came at the hands of external threat actors. In addition:
The National Institute of Standards and Technology (NIST) [4] shared what they consider to be some of the best practices in supply chain risk management. These best practices are based on three cybersecurity principles.
Cybersecurity is never just a technology problem – it’s a people, processes and knowledge problem. Breaches tend to be less about a technology failure and more about human error. Information and operational technology security systems won’t secure critical information and intellectual property unless people throughout the supply chain use good cybersecurity practices.
Companies have adopted a variety of practices that help them manage their cyber supply chain risks. The following are a few of the practices:
Every day, around the world, businesses are at risk of cyberattacks. Honeywell acknowledges the risk and believes the best way to minimize attacks and the losses that result from them is to take a pervasive and holistic approach to security. Pervasive means Honeywell approaches security from multiple angles, which include gathering intelligence on cyber events in multiple industries, building protections directly into devices and software, and maintaining a 24/7 level of vigilance on the cyber climate. A holistic approach to security means that we need to pay attention to the entire picture and individual aspects of a product offering.
Honeywell aims to integrate all these elements designed to safeguard an organization to empower our customers to build a solution with security built in from the beginning. We focus on protecting you and our products (e.g., mobile computers, scanners and printers) against sophisticated attacks at all levels, from low-level opportunistic hackers to industrial espionage and cyber criminals. Honeywell is a founding member of the ISA Global Security Alliance, which means that all of our products go through ISA62433 security requirements from their inception.
Honeywell’s story begins 100+ years ago as a global leader in industrial manufacturing and advanced technology. We have used that expertise to drive cybersecurity innovation with over 15 years as a key leader in industrial cybersecurity solutions helping transform and protect the world’s most critical infrastructures. Our broad portfolio includes Operational Technology (OT) cybersecurity software products and services that allow customers to simplify, strengthen and scale industrial cybersecurity across an enterprise.
Our global team of 300+ Certified Cybersecurity Experts have successfully implemented 5,000+ cybersecurity projects, managed 400+ industrial cybersecurity sites, conducted hundreds of risk assessments and have the breadth of resources to help execute projects of every size and complexity across 70 industry sectors often involving critical infrastructure and national security. These include: supply chain, healthcare, oil and gas, refining, pulp and paper, industrial power generation, chemicals and petrochemicals, biofuels, life sciences, CPG, F&B, utilities, water/waste, metals, minerals and mining industries.
Honeywell’s large footprint in multiple industries gives us a broad view of emerging cybersecurity threats in their earliest stages, in industries where the typical cybersecurity offerings are not usually present. This allows us to identify issues, develop countermeasures and deploy them to our customers earlier than our competition, in an industry that usually does not receive attention. We also leverage relationships to receive pre-disclosures of vulnerabilities from industry councils and partners including Intel, Qualcomm and Google, as well as from our participation and work with various organizations such as ICS-CERT (concentrated around Industrial Controls), NVD, DHS CISA and many more. Furthermore, Honeywell’s size, strength and global presence allow us to leverage the broad investment in security across our enterprise.
Cybersecurity is core to Honeywell. We design security into our products, policies and processes. Our baked-in-from-inception, design-to-delivery approach to cybersecurity places a strong emphasis on building security into products to anticipate and mitigate risk before a breach can happen. We do this by embedding deep domain knowledge, product testing and the security requirements of industry-leading security practices throughout our full design and development process to ensure our solutions are as secure as possible from the start.
We aim to make our solutions as free of vulnerabilities and attack surface as possible through such measures as continuous testing, authentication safeguards and adherence to best programming practices. We believe security must evolve with the product that our customers purchase. A group of dedicated white-hat penetration testers with industry-leading certifications such as OSCE/OSCP, completely independent from the engineering team, continuously test our solutions to ensure we have the highest standards for defense.