April brings us spring weather, tax filing deadlines, and Supply Chain Integrity Month.
US-CERT is helping to call attention to an important risk that all organizations face. Per the US-CERT posting (https://www.us-cert.gov/ncas/current-activity/2019/04/01/Supply-Chain-Integrity-Month):
“The Cybersecurity and Infrastructure Security Agency (CISA), the Office of the Director of National Intelligence (ODNI), and the Department of Defense (DOD) are partnering to promote the importance of supply chain security and risk management. Breaches in the supply chain provide an opportunity for malicious software or hardware to be installed on equipment. Lack of awareness or validation of the legitimacy of hardware and software presents a serious risk to users’ information and the overall integrity of a network environment.”
Despite the risk that the supply chain introduces into organizations, it is all too often a problem that is approached inefficiently and ineffectively.
The Office of the Director of National Intelligence summarizes the problem quite well (https://www.dni.gov/index.php/ncsc-what-we-do/ncsc-supply-chain-threats):
“These adversaries exploit supply chain vulnerabilities to steal America’s intellectual property, corrupt our software, surveil our critical infrastructure, and carry out other malicious activities. They infiltrate trusted suppliers and vendors to target equipment, systems, and information used every day by the government, businesses, and individuals.”
Of course, the problem extends well beyond government and critical infrastructure, into all industries and sectors. Yet organizations can hardly be faulted for paying Vendor Risk Management (VRM) less attention than it deserves. Historically, VRM has been an area lacking creative, efficient, and helpful technological solutions. Instead, it has been an area overwhelmed by manual, labor-intensive processes that can’t possibly assess, manage, and mitigate the risk that the supply chain poses.
At IDRRA, we believe in helping organizations efficiently and effectively tackle VRM. It’s our passion, and it’s what drives and energizes us day-to-day. Our industry-leading platform takes the pain and headache out of the VRM process, allowing organizations to focus on reducing supply-chain risk.
Every month should be Supply Chain Integrity Month, and with IDRRA, it is. There is no time like the present to make the most of Supply Chain Integrity Month and to get your VRM program off the ground. In fact, IDRRA (https://idrra.com/) can help you get started – register for a free account today.