Product Integrity and Authenticity - Sounds Difficult!
Cyber Cerberus has extensive experience in the security of supply chains and vendor management. An article was published this week discussing the Australian Cyber Security Centre's (ACSC) three (3) new requirements for testing product integrity and authenticity. While the Information Security Manual (ISM) issued by the ACSC is intended for government agencies, it can also be incorporated into security programs for private sector organisations.
Due to the lack of security budgets, smaller and medium sized organisations are unable to undertake the three (3) new requirements to ensure their systems are authentic and secure. We believe small businesses should have access to the same level of cyber security support as large businesses, within the context of their organisation. When introducing new products and services for their digital environments to small to medium businesses, here are a few tips:
Business owners are encouraged to ask questions. It is okay for you to do so.
Is your IT service provider testing and certifying the products they are selling you? Managing, processing, and transmitting the information your business stores, processes, and transmits is your responsibility as the business owner.
When a product recommendation is made, it's okay to ask for more information or look up the vendor's information. If you are looking for these products, search for terms such as counterfeit, fake, and scam.
While reviewing online information, critically analyse the source of the information, as not all information is accurate.
Choose well-known brands such as Microsoft, Fortinet, Cisco, Google, Amazon, HP, Lenovo, IBM, just to name a few. Audit certifications have been made public for viewing for these platforms that have been rigorously tested.
We encourage small businesses to contact us at firstname.lastname@example.org if they have any questions. Sometimes simple questions can navigate you through a scary world, help you unlock the potential of your systems, and manage the risks appropriately.