Joe Gray Discusses Dyn DDoS’s Effect on Supply Chain Security
WHAT IS SUPPLY CHAIN SECURITY?
In the most conventional sense, when we think of Supply Chain Security, we immediately equate it to Target and the HVAC vendor that was used to pivot into Target’s network and perform the attack on the Point of Sale (POS) systems that exfiltrated 40 million card numbers and 70 million shopper records (Krebs, 2014). This is not entirely correct in scope.
It does deal with business that we do business with, but it often times considers the threat to be to the bigger business with the smaller business being the threat. This is not always incorrect. I would (without statistic evidence) surmise that the smaller businesses threatening the bigger ones is typically correct.
Supply Chain Security from a broad sense is the aspect of information security that deals with threats posed to organizations through the supply chain: vendors, suppliers, and partners/providers. For the purpose of this post, I am examining the threat that bigger businesses pose to smaller businesses and the threat that companies of the same size pose to each other through supply chain security.
Joe Gray is an enterprise security consultant with Sword & Shield Enterprise Security, Inc. He has worked as a systems engineer, information systems auditor, senior UNIX administrator, information systems security officer and director of IT security.