Cyber Security

ASSESS YOUR SUPPLY CHAIN CYBER SECURITY


Practical steps to help medium sized organisations gain assurance about the cyber security of their supply chain.
Understanding the threat
In recent years there’s been a significant increase in the number of cyber attacks resulting from vulnerabilities within the supply chain. These attacks can result in devastating, expensive and long-term ramifications for affected organisations, their supply chains and their customers.
Whilst the problem is understood, the nature of the supply chain can make it difficult to know how your suppliers are managing and maintaining their cyber security. Typical medium sized organisations have limited resources to address this adequately. You can take these simple steps to address it.
Understanding of the threats to your supply chain
What access do your suppliers have to your systems and services?
What needs to be protected and why?
Why might someone be interested in attacking your supply chain?
What are the potential cyber threats that could cause harm to your organisation?
What vulnerabilities could be exploited within your supply chain via a cyber attack?
What is the impact on your organisation if these vulnerabilities are exploited?
What are the various types of supplier relationships and what are their risk profiles?
Identify the key players in your organisation
Who will be impacted by supply chain cyber security? Consider which teams in your company are involved in the supplier lifecycle that would be impacted by this activity, including your suppliers.
Who should be kept informed about the activity? This will include people who do not directly contribute to the creation of the new approach but have an interest in or may be impacted by its progress.
What are the company’s risk appetite and processes?
Processes to assess severity and impact of cyber incidents, with contingency plans to address when needed.
Board buy-in to improve supply chain cyber security.
Governance process where security leadership meets with the board on a regular basis and articulates the organisational position with regards to supply chain cyber security.
Ensure that the supply chain cyber security challenges are well understood, and appropriate decision making is carried out.
Ensure supply chain compliance is regularly evaluated to encompass changes within your own company and that of your suppliers.
Contact Business Technology Leaders to improve and maintain your supply chain cyber security using our Portfolio leaders. For more insight into our approach, contact me ([email protected]) for an informal, confidential, impartial, no-obligation and free discussion on how we can add value to your business.