Affiliation:
1. Delta Risk LLC, Arlington, VA, USA
2. Director of Application Development and Risk Management, Anshinsoft Inc., New York, NY, USA
Abstract
Information technology (IT) supply chains are subject to security risks even during the most stable of economic times. However, when economies come under stress due to brisk growth or rapid contraction, IT supply chains become greater targets for nefarious players, be they employees, hackers, terrorists or nation states, for a variety of reasons. Maintaining both cyber and physical security of owned systems and facilities, over which you have direct control, is difficult and expensive enough under normal conditions. However, attempting to preserve adequate levels of security over third parties, be they process outsourcers, product vendors or contractors, is much more challenging and can be extremely costly in time, money and resources. It is also fraught with organizational, social, economic, political, geographical and contractual challenges. In this paper, the authors list a broad range of potential IT-related security risks and suggest how they might become exacerbated during times of economic stress. Mitigation of these risks may call for extreme measures. Some actions are reasonable and straightforward to implement, whereas others require substantial effort and indeed may not be achievable under current legal and regulatory conditions. The authors offer recommendations for overcoming manageable hurdles, and suggest how some reduction in risk might be attained even in situations where ready solutions are not yet available.
Subject
Information Systems and Management; Computer Networks and Communications; Hardware and Architecture; Safety Research; Safety, Risk, Reliability and Quality; Software
Cited by
2 articles.