How to Protect Your Business from Supply Chain Attacks

Disruptive Supply Chain Attacks

Log4j Vulnerability

Attackers gained unbridled access to countless vulnerable computer systems worldwide. Most affected organizations struggled to fix the problem because they lacked a full asset inventory and couldn't see their full exposure to the threat.

The SolarWinds Attack

Hackers targeted the supply chain by turning a trusted software update into a huge cyberattack. Good internal software security practices alone are not enough. Robust risk management of third-party security controls and protocols is vital.

The Importance of Software Bills of Materials

Organizations can use new tools to strengthen digital supply chain risk management, including software bills of materials (SBOM). SBOMs offer a standardized inventory of software parts, including versions, dependencies, and sources. Manufacturers or software suppliers should create SBOMs to increase the visibility of the components nested within each piece of software.
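As an added illustration of what an SBOM makes possible (example code, not Booz Allen's or any SBOM tool's own), this Python snippet walks a constructed CycloneDX-format SBOM for a fictional product and reports every dependency chain that leads to a named component, which is exactly the exposure question many organizations could not answer during the Log4j response. The product name, component versions and package URLs are constructed sample values.

```python
"""Answer "is component X in this product, and via which dependency chain?" from
a CycloneDX SBOM. Added example; the data below is constructed, not a real BOM."""
import json
# Constructed CycloneDX 1.4 JSON for a fictional product; versions are sample values.
SAMPLE_SBOM = json.loads("""
{
  "bomFormat": "CycloneDX", "specVersion": "1.4",
  "metadata": {"component": {"bom-ref": "app", "name": "inventory-portal", "version": "3.2.0"}},
  "components": [
    {"bom-ref": "pkg:maven/org.example/report-lib@1.8.0", "name": "report-lib",
     "version": "1.8.0", "purl": "pkg:maven/org.example/report-lib@1.8.0"},
    {"bom-ref": "pkg:maven/org.apache.logging.log4j/log4j-core@2.14.1",
     "name": "log4j-core", "version": "2.14.1",
     "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.14.1"},
    {"bom-ref": "pkg:maven/org.example/json-util@4.0.2", "name": "json-util",
     "version": "4.0.2", "purl": "pkg:maven/org.example/json-util@4.0.2"}
  ],
  "dependencies": [
    {"ref": "app", "dependsOn": ["pkg:maven/org.example/report-lib@1.8.0",
                                 "pkg:maven/org.example/json-util@4.0.2"]},
    {"ref": "pkg:maven/org.example/report-lib@1.8.0",
     "dependsOn": ["pkg:maven/org.apache.logging.log4j/log4j-core@2.14.1"]}
  ]
}
""")

def inventory(sbom):
    """Flat inventory: component name -> (version, purl)."""
    return {c["name"]: (c.get("version", ""), c.get("purl", ""))
            for c in sbom.get("components", [])}

def dependency_paths(sbom, component_name):
    """All chains of bom-refs from the product root to a component with this name
    (depth-first over 'dependencies'); transitive inclusions are found too."""
    graph = {d["ref"]: d.get("dependsOn", []) for d in sbom.get("dependencies", [])}
    name_of = {c["bom-ref"]: c["name"] for c in sbom.get("components", [])}
    root = sbom["metadata"]["component"]["bom-ref"]
    paths = []
    def walk(ref, path):
        if ref in path:  # a cyclic dependency entry would otherwise loop forever
            return
        path = path + [ref]
        if name_of.get(ref) == component_name:
            paths.append(path)
        for child in graph.get(ref, []):
            walk(child, path)
    walk(root, [])
    return paths
```

Run against every SBOM a supplier delivers, the same walk answers "which of our products contain this component, and through what" in minutes rather than through a manual audit.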

SBOM standards are still evolving, but some organizations will be required to provide them in the future. For instance, the White House's May 2021 cybersecurity executive order (EO) calls for software suppliers to the federal government to produce and deliver SBOMs. The aim is to provide better transparency and visibility into the supply chain. In response to the EO, the National Institute of Standards and Technology (NIST) has issued the Secure Software Development Framework (SSDF).

While there is no silver-bullet solution for software supply chain risk management, you can take a comprehensive approach that factors in these new tools as well as other leading practices.

Companies need a dedicated program to find and manage risks in their software supply chain. Such a program can inform decisions at every level of the organization. However, an isolated set of practices is not enough. Enterprises should create a cohesive and strategic approach tied into the broader cyber risk management framework.

You can create such a program if you don't have one yet. Here's a list of critical services that the program should provide:

  • A current supply chain inventory
  • Supplier software security evaluations
  • Automation and effective use of SBOMs
  • Advanced disaster recovery (DR) and incident response (IR)
  • Integrating physical and cybersecurity
  • Predictive analytics and AI-driven risk assessment
  • Integrated risk management (IRM)
  • Sustainability and ethical considerations in digital supply chain practices

Enhancing Public-Private Partnership

Now more than ever, government and industry leaders must collaborate on digital supply chain security. Together, they can rapidly develop ways to deal with geopolitical changes and other emerging risks that could require organizations to unwind, reconstruct, and bolster their supply chains. For example, U.S. regulations on semiconductor trade with the People’s Republic of China (PRC) are spurring many organizations to build and enact contingency plans. Changing geopolitical and economic conditions can fuel greater public-private partnerships to help protect national interests in strategic areas like biotechnology, pharmaceuticals, clean energy, and advanced technology (e.g., semiconductors, AI, and quantum computing).

Get Our Guide

Download our guide for more information on Booz Allen's proactive approach to securing the digital supply chain and the next steps to creating a comprehensive security program.