A supply chain is only as cyber-secure as its weakest link. The digital transformation of the global supply chain, which has taken place over the past decade, means businesses can now work closer together than ever. There are many benefits of integrating data and sharing information to create efficiencies while reducing costs.
However, each supplier brings a risk of introducing vulnerabilities to your network. It is worth noting that around 80% of data breaches originate in the supply chain. Smaller organisations are often targeted and used as a vehicle for criminals to access larger corporate infrastructures. Two recent examples of this approach by cyber criminals are:
Risks can be introduced from various sources, for example, data can be damaged accidentally, accessed by cyber-criminals or employees who are an insider threat.
As a first step to addressing risk, you should complete an audit of your suppliers and understand who has access to which levels of your corporate data. Once you have established who has access to what categories of your data, you can work out how to manage the risks and introduce methods of monitoring and evaluation. You can categorise suppliers and establish controls for each category. Suppliers who provides services on-site, may form one category and will clearly bring different risks and need different controls to suppliers who provide ICT services and can access your company data. You should also consider your rules on subcontracting, consultants and partners.
There is an increasing demand, within the tendering process, for suppliers to be certificated to a recognised cyber-security standard. The following two certification routes are the most common methods of cyber security certification:
Our technical consultants have a strong understanding of both schemes and have supported many of our customers throughout the UK to get certification in place. We are happy to help you work out which of the available certifications is best suited to your business needs. Contact us if you would like to explore this further with of our experts.