In March, a container ship leaving the Helen Delich Bentley Port of Baltimore struck a support piling holding up the Francis Scott Key Bridge, knocking the bridge into the water and killing six workers who were aboard the bridge. With the port closed for an unknown duration and traffic to the port limited due to the collapsed bridge, manufacturers should prepare for disruptions in the global supply chain that could interfere with production.
To protect their interests, manufacturers must do everything within their power to manage the elements of the supply chain they can control. Manufacturers must look for alternate shipping routes to maintain a flow of goods and raw materials needed to sustain operations and keep goods flowing through their factories.
For many, that means ensuring that the SaaS applications used to facilitate the manufacturing and supply chain processes are secured from threat actors. At this sensitive time, threat actors can increase havoc and interfere with operations by breaching applications like ServiceNow, Microsoft 365, Salesforce, and DocuSign. These apps, as well as dozens of others, play an important role in supply chain management, and securing them should be of paramount importance to manufacturers.
Align Application Configurations Across Multiple Tenants
Global shipping incidents and breakdowns in the supply chain have been known to increase the risk of cybersecurity threats. Manufacturers using multiple tenants of the same application must fully secure each instance. Organizations should define best practices for their configurations and apply those settings across the various software instances.
Access control settings are among the most important for manufacturers to secure. These settings ensure that only authorized users can access the application and control the level of access users have within it. A strong username/password policy coupled with multi-factor authentication (MFA) significantly limits the impact of successful phishing attacks. Meanwhile, following the principle of least privilege (POLP) through strong role-based access controls (RBAC) reduces the risk of breaches by limiting the material and actions threat actors can take when they are within the application.
One often overlooked area of SaaS security is the data in files. Large companies have millions of documents, files, calendars, and repositories that are shared publicly with anyone who has a link. Each tenant should be configured to limit the public sharing of files, and those that allow public file sharing should have those files monitored to control exposure.
These security settings should be applied, monitored, and managed across every tenant, to ensure that all company data is behind a secure wall.
Reduce User Risk Along the SaaS Stack
Insider threats and threat actors who compromise the applications can introduce mayhem into the supply chain by canceling orders, rerouting deliveries, or engaging in similar malfeasance. While MFA and RBAC are effective in controlling access, those who bypass those security controls must be contained.
User risk comes from several sources. Review user lists to detect former employees who have maintained their user accounts, external employees who no longer require access, and dormant users who haven’t accessed the application for an extended period. All these accounts should be reviewed and disabled to limit risk.
In addition, manufacturers should consider identity threat detection tools to monitor their applications. These tools monitor user activity, searching for anomalous behavior that indicates an account’s been compromised. Even authorized users acting against their employer’s best interests can be detected as an insider threat.
Controlling the Uncontrollable
Incidents like the Baltimore Port accident tend to spin out of control. The degree to which it will impact the global supply chain is unknown, although Maryland governor Wes Moore told a Fox News audience that this will have a “massive impact on the national economy.”
However, manufacturers can do their best to limit the impact by managing the applications within their control. That means monitoring their applications, securing configurations, and detecting any user-based threats.