An interesting article published this week on the UKFast Blog discusses how supply-chain risk is fast becoming a prominent theme in cyber security.
A chain is only as strong as its weakest link and this applies even more so when networked IT systems and shared data are involved.
Breaches resulting from third-party security lapses are on the rise. Last year, 59% of organisations said one of their vendors or partners had caused a breach. Almost 75% said they believed such incidents were likely to happen again.
In June police forces across the UK were forced to cease all work with the country’s largest private forensics provider, after a ransomware attack destroyed or locked essential case data held on the company’s systems.
Police across the country have suspended all work with the company as a result, which is believed to account for more than half of all of their outsourced casework.
Privacy protection has become a significant focus for regulators and businesses are now being held to account for the actions of suppliers.
Customers will abandon a brand after a significant breach. Consumers now judge a company on how reliably they protect personal data.
It doesn’t matter if the breach happens on a supplier’s systems. If the brand that contracts the supplier and gives it access to customer data, they are accountable.
Every contractor and subcontractor working with customer or proprietary data needs to take ownership of cyber security, and protect the sensitive information it stores, receives, or transmits.
It is not a matter of IF a system will be breached – it is now a matter of WHEN.
Edward Whittingham sets out the following vital steps for identifying vulnerabilities:
- Auditing your existing supply chain
- Create minimum cyber-risk standards
- Don’t forget the supplier’s suppliers
- Audit, measure, repeat
- Create a culture of cyber-risk awareness across your supply chain
For a review of your supply chain contact Chapter Three Consulting on firstname.lastname@example.org or call us on 0330 004 0020 to find out how we can help you.