In an interview with Stuart Madnick, an information security expert from MIT, he noted that most companies perceive cybersecurity defense in the supply chain as something that should only prevent malicious actors from infiltrating their systems. The problem with this perception is that it does not take into account the damages that can occur through authorized entry points, whether intentional or unintentional. &nbsp

According to Madnick, these types of attacks, known as supply chain cyberattacks, generally occur in five different forms: through physical components or parts acquired from suppliers, through network providers, through external software suppliers or partners, through external service providers and subcontractors, and through mergers and acquisitions. &nbsp

To defend against these attacks, Madnick recommends taking proactive steps and doing homework. As a first step, he suggests using VPN (Virtual Private Network) in network communications, which encrypts the transmitted data over the internet. Another key aspect is having multiple interfaces with suppliers and service providers. Therefore, before granting access to the company’s systems to potential partners and suppliers, it is essential to assess their information security level. It is necessary to ensure awareness of the origins of all components in the supply chain and identify any potential problematic sources. Having multiple interfaces complicates the tracking of data traffic on the network (not only in terms of security but also operationally), so consolidating the management of monitoring all segments is advisable.