As organizations harden their attack surfaces, it follows that cybercriminals move on to seek softer targets. However, there’s one type of stealthy attack that doesn’t get the attention it deserves: supply chain compromise. Why? Phishing and ransomware attacks are much more visible, occurring while devices are already in use. Anyone with an email account has experienced a phishing attempt. But the reality is that supply chain attacks happen, and the impact can be devastating.
Supply chain attacks were responsible for 62% of network breaches in 2021, and they will only increase in frequency and scope. The FBI has issued multiple alerts over the past few years on this topic. These malicious activities have been so concerning that it led to the February 2021 Executive Order on Supply Chain Security.
The threat of supply chain attacks is certainly top-of-mind across industries and organizations. But a recent global survey of IT decision makers shows that only 36% of respondents require their IT suppliers to implement a secure supply chain. So, how can companies better protect their IT fleet against supply chain risk?
First, work with trusted suppliers who enforce clear and robust security practices. That means policies and procedures that govern everything from supplier management through manufacturing and delivery. With that critical step in place, layer on additional assurances of product security. Many of our customers require this enhanced level of protection. Certain industries and organizations are highly regulated with heightened compliance requirements. Some have significant IP assets that could subject them to a higher likelihood for supply chain attacks. In fact, as part of the aforementioned executive order, the federal government will soon mandate this extra level of assurance of product security as part of the purchase criteria for federal and enterprise organizations.
The good news: Dell Technologies has made an enormous effort to build devices securely with strict supply chain controls. What’s more, through Dell SafeSupply Chain, we offer additional endpoint device protections. And to continue to meet customers’ needs for supply chain assurance, we have rolled out an enhanced version of the Dell-unique Secured Component Verification (SCV).
Why is SCV Important?
Product tampering can happen at dozens of points across the supply chain, including sourcing, assembly and shipping to name a few. Dell has controls in place to combat this endpoint security risk, but, taking the Zero Trust “assume breach” mentality, we further mitigate the risk with SCV. Dell accomplishes this by taking a “digital fingerprint” of key hardware components within each commercial PC in the factory. Upon delivery, the customer then uses the certificate to verify that nothing was changed (tampered with) by comparing it with its manufactured “as is” state. Note: For those looking for similar protection for their infrastructure, Dell also offers this unique protection for our PowerEdge servers.
SCV Options and Availability
Dell launched this endpoint device protection in fall 2021. We now offer two versions of SCV certificate storage to address the unique needs of our customers. They can opt for either version:
-
- On the device with SCV on Device (built with federal agencies in mind) or
- Off-host in a secure cloud with SCV on Cloud (preferred by enterprise customers)
SCV on Cloud is now available worldwide for many Dell commercial devices, with additional product compatibility rolling out in the coming months. SCV on Device continues to be available for U.S. customers, with a global rollout planned as products are tested and validated. For more information on SCV, view our datasheet. Your account representative is always here to help or contact us here.