Big guns target supply chain threat


Big guns target supply chain threat

Bill Goodwin
Supply chain security has become a top priority for big businesses and will dominate IT throughout 2005, Howard Schmidt, chief information security officer at eBay, will tell the RSA security conference this week.

Schmidt, a former White House adviser for cybersecurity, said the focus of cyberattacks had shifted from larger firms, which have improved their security, to smaller firms where weaknesses remain.

This is creating new threats which affect the big players further up the supply chain.

"The trend is small and medium-sized companies getting attacked - everything from phishing e-mails to denial of service to hack attacks are moving down the food chain," said Schmidt.

Multinational companies are increasingly requiring their smaller suppliers to pass IT security audits and to sign contracts that say they have adequate IT security in place, said Schmidt.

But he warned that small companies faced serious problems dealing with the different compliance demands from the larger organisations.

"The issue is where you have one supplier for seven large corporations and all seven demand an audit as part of their contract," said Schmidt. He called for an effort to "develop some mechanism to ease that pain".

CIOs of major corporations have begun to share security information about suppliers informally and this could pave the way for corporations to accept security audits conducted by other businesses, he said.

"The next logical step is trying to formalise the processes," Schmidt said.

RSA Security Conference >>

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy