Supply chains are a major target for cyber-criminals
The UK’s National Cyber Security Centre has issued an alert, warning businesses of the increasing threat of ransomware-type cyberattacks.
The last few years have seen a real increase, both in their number and sophistication. The Double Extortion attack sees cyber-criminals not only steal a company’s data but also threaten to publish it. This can be particularly effective when targeting certain sectors where the data is incredibly sensitive.
So, if some part of your supply chain has access to your data, then this represents a risk that you need to consider – and you wouldn’t be alone in that. Of course, as a consequence, it follows that supply chains are an area of real interest for cyber-criminals; such people are always seeking less well-guarded entry points. You may have been through your own security with a fine-toothed comb, but what about your suppliers? But are they as secure as you?
Businesses need to do more to ensure that they have an insight into the vulnerability of their supply chains and close any gaps in security. Click To TweetTrust and integrity in your supplier chain
For too long, ‘trust’ between partners in a supply chain has been based on perception rather than hard facts. There’s a quite natural assumption that every member of the chain is competent to deliver the tasks that it says it can. You may have been doing business with your partners for years and for that extra peace of mind, perhaps you prepare and issue questionnaire spreadsheets and maybe even talk to references for reassurance, but ultimately, your partners are asking for your trust.
There’s also the matter of the integrity of every member of the chain. Simply put, there’s an assumption that they will fulfil their promises. This is usually taken as a given and this is regularly based upon experience. That’s good, but as they say, past performance is no guarantee.
Such intangible measurements cannot ensure that your partner is looking after your data; it cannot ensure that they pay as much attention to their own cyber security as you do. The possibility exists, therefore, that trust without evidence could result in an open ‘back-door’ to your own infrastructure.
There has to be a better and more comprehensive approach to securing supply chains.
Audit your suppliers
As a result of GDPR, any supply chain partner working with your personal data in any way is your Data Processor. Therefore, it is now a regulatory requirement to have the right to audit their IT service as part of your contract.
Quite often, an IT audit takes the form of a self-certification spreadsheet, where your partner fills in a form once a year.
Now, not everyone has the time to sit down and examine everyone else’s security systems in fine detail. While questionnaires still have their place in supplier governance, they cannot offer a true reflection of the state of a partner’s IT practices and cyber-defence capability.
Solutions to protect yourself from security threats
So, what’s the solution? Ransomware and other attacks are not going to go away – a brief look at the news headlines will confirm that it’s a turbulent world out there. However, it’s not all bad news and help is at hand. The NCSC is a good source of information. On their website, you will find their 12 principles of supply chain security.
Furthermore, it has recently launched its Ransomware Hub; a place to learn more about the threat of ransomware and what you can do to better secure your data.
It’s widely agreed that education plays a key part in preventing attacks. Indeed, this goes beyond the classroom presentation to the more practical. Some anti-phishing solutions offer not just filtering but also in-mail alerts to educate the end user about the likely veracity of their emails. Others provide the ability to deliver custom phishing simulations. Above all, it’s important that we keep talking about the threats we face – employee to employee, partner to partner.
Some businesses are turning to AI powered software that allows companies to gain a 360-degree accurate view of not only their own security, but also their entire supply chain, from A to Z, start to finish, giving them insight into possible vulnerabilities which otherwise may well have been missed.
Review gaps in your supply chain security
Can you trust your supply chain, and can you trust it with your data? You will be able to get a much more confident answer to the question if you gain an informed and clear view of possible gaps in security throughout the supply chain. The need to close these gaps should become a mutual challenge, working together for the common good towards a secure relationship, a matter of ongoing conversation between partners and even a contractual obligation. The backdoor that so many cyber-criminals are looking to access then becomes just that little bit less attractive.
To obtain a free assessment of your suppliers, contact us today.