By 2016, a single information technology (IT) incident in the supply chain could cost companies millions of dollars in data loss and remediation, according to an October 2012 report issued by two Gartner analysts, Neil MacDonald and Ray Valdes.
The report, "Living in a World Without Trust: When IT's Supply Chain Integrity and Online Infrastructure Get Pwned," says supply chains are increasingly vulnerable to hacker attacks because they require information to be exchanged between multiple partners. ("Pwned" is a slang term that originated in the hacker and online gaming cultures and means "owned" or badly beaten by an opponent.) While companies can shield their own data from hackers within their IT parameters, they often cannot protect the information that flows beyond their firewalls to and from their partners. Hackers are able to exploit weaknesses in those links to successfully penetrate security systems, according to the report.
The report recommends that companies be careful in their use of "open source" information systems and says that they should encrypt all sensitive data. In addition, because online purchasing portals can be especially vulnerable, companies must take steps to strengthen security around IT procurement processes.
The report is part of Gartner's "maverick research" program. Maverick research allows Gartner analysts to pursue new, unconventional research and share their insights, but the resulting reports are not intended to represent the opinion of the entire research firm.