October coincides with the ‘spooky season’ in many countries, which can conjure scary stories about ghosts, headless horsemen and other things that can keep us awake at night. For those of us in cybersecurity, there are other scary stories that keep us awake at night throughout the year: the nefarious activities that make people’s devices, data and systems go bump in the night and day.
You’ve heard about the usual types of attacks – phishing emails, ransomware attacks and the like. Here’s the part that’s even more terrifying… even if you practice safe emailing and web surfing, you could already have malware infecting your device even before you boot up. That’s because malicious activities can happen in the manufacture of your computer if your original equipment manufacturers (OEM) supply chain practices are not as secure as they could be.
You may think of a supply chain as trucks rolling down the freeway or trains brimming with goods riding the rails. And yes, those are the traditional views of supply chain of things moving around the world. But in reality, today’s supply chain is complex and globally interconnected.
Because of its many touch points, the supply chain has become a major attack vector. For instance, 62 percent of network breaches were attributed to supply chain vulnerabilities, according to Verizon’s 2022 Data Breach Investigations Report. ¹ PC hardware (the chips and motherboards) is at risk. So is firmware, the brains behind your machine. And let’s not forget about the physical security of the facilities and people. How do you reduce the opportunity for supply chain compromise? Make security part of your evaluation process every time you work with OEMs to procure devices. Keep in mind that your OEM’s supply chain is now your supply chain – and it’s in your best interests to work with OEMs that invest deeply in the security of their supply chain.
Dell not only builds security into its products – we build products securely. This covers the hardware, software and firmware used. Security starts with the design of the product, and Dell has a well-established Secure Development Lifecycle (SDL), which ensures security is built in from the initial concept. We prioritize investment in robust processes and controls embedded throughout our supply chain. In fact, supply chain security is a top priority for Dell. The strength of the Dell supply chain extends through numerous manufacturing locations, Dell factories, direct supplier factories of components and parts, as well as our original design manufacturer (ODM) partners.
In addition, our “second touch” operations sites provide value-added services for customers to match their unique needs. Every step of the way includes processes to ensure security and operating according to rigorous and documented quality management standards, which span assembly, software installation, functional testing and quality control.
To ensure quality and…