it-sa Expo&Congress 2025: Security in motion – from networked supply chains to quantum-secure algorithms 

Supply chains are the backbone of global value creation and, at the same time, one of the biggest gateways for cyberattacks. The it-sa Expo&Congress 2025 made it clear: security does not end at your own IT boundaries. At the same time, post-quantum cryptography (PQC) is gaining in importance, because what is encrypted today could be decrypted tomorrow by quantum computers. Companies must therefore secure their supply chains and make their cryptography strategies future-proof.

How should cyber risks to supply chains be assessed?

Cyberattacks along the supply chain are on the rise, often with fatal cascading effects. If a supplier is compromised, the attack can spread unnoticed to partners, service providers, or entire industry ecosystems. Risks arise not only within your own infrastructure, but in every part of the network. Supply chain security is not an isolated issue. Risks must be holistically identified, systematically assessed, and mitigated through coordinated measures.

Consider the following points, among others:

• Third-party providers increase the attack surface, even without direct access to internal systems.
• Transparency regarding processes, dependencies, and data flows is the first line of defense.
• Early warning systems, continuous risk analysis, and automated threat intelligence sharing minimize damage.
• Strategic partnerships and clear responsibilities increase responsiveness and resilience in emergencies.

Be inspired by this contribution from it-sa Expo&Congress 2025:  

• CrowdStrike | SaaS in the Crosshairs: Attacks on Cloud Apps and Supply Chains

What measures are in place to protect third-party providers?

Every supply chain is only as secure as its weakest link. Effective security therefore means consistently enforcing security standards not only internally, but also among partners. Establishing audits, certifications, and continuous monitoring creates trust and robust compliance structures.

Structured third-party risk management forms the backbone of modern cyber strategies:

• Supplier management should be at the core of any IT security strategy.
• Regular security reviews, audits, and penetration tests increase maturity and traceability.
• Automated monitoring tools provide real-time transparency on compliance status and security metrics.
• Clear contracts and SLAs define responsibilities, obligations, and response times in case of an emergency.

Is post-quantum cryptography already part of your IT strategy?

What is considered secure today could soon be vulnerable: quantum computers threaten classic encryption methods that have formed the basis of digital security for decades. Companies should therefore set the course for a quantum-secure future now, before sensitive data that is currently transmitted or archived in encrypted form can be decrypted in the future.

Post-quantum cryptography (PQC) is not a topic for the future, but rather a strategic necessity for ensuring confidentiality and integrity in the long term:

• Future algorithms must be resistant to quantum attacks and at the same time interoperable with existing systems.
• Pilot projects and test environments help to evaluate PQC at an early stage and ensure compatibility.
• Integration into existing security architectures requires governance, migration plans, and investment in expertise.
• International standards and initiatives (e.g., NIST, QSNP) provide guidance for the transition.

Delve deeper into the topic in this article from it-sa Expo&Congress 2025:  

• it-sa Expo&Congress 2025 | QSNP: The European Initiative for the Development of Quantum-Safe Networks

How can you prepare for future cryptographic threats?

The transformation to quantum-secure processes is a complex process—organizational, technological, and cultural. Companies that develop a roadmap early on minimize future risks and ensure regulatory compliance. It is crucial to view cryptographic systems not in isolation, but as part of the overall architecture.

Proactive preparation for new threats not only protects data, but also strengthens trust, stability, and competitiveness:

• The migration to quantum-secure algorithms must be strategically planned, tested, and implemented step by step.
• Awareness and targeted training prepare IT teams for new encryption standards and forms of attack.
• Simulations, penetration tests, and risk analyses reveal vulnerabilities before they can be exploited.

Discover exciting insights in this article from it-sa Expo&Congress 2025:  

• ESET Germany | A Quantum of Solace – IT Security in the Conflict between Control and Chaos

What role does transparency in the supply chain play in security strategy?

• Transparent, verifiable processes lay the foundation for effective risk management and sustainable cyber resilience.
• Complete documentation of all interfaces, data flows, and dependencies is essential.
• Regular assessments and re-audits ensure that security and compliance standards are maintained.
• Real-time monitoring and reporting promote responsiveness and trust in critical supply chains.

Security is teamwork—even beyond company boundaries

The it-sa Expo&Congress 2025 has demonstrated that supply chain security and post-quantum cryptography are inextricably linked. Security does not end at your own firewall; it arises from the interaction of technology, processes, and partnership. Focus on these points, among others:

• Proactive protection of the supply chain: Only those who identify and manage risks early on can prevent damage.
• Post-quantum cryptography as a strategic necessity: Future-proof algorithms protect data in the long term.
• Transparency and monitoring: Complete traceability builds trust and ensures compliance.

Supply chain security and post-quantum cryptography are not short-term trends, but fundamental building blocks of modern IT security. Companies that continuously review and optimize their processes, technologies, and partners remain resilient, compliant, and future-proof.

Related links

• All current forum posts on it-sa
• Supply chain attacks: poisoned AI