Proactive monitoring of your supply chain: essential for cyber security
This blog post discusses the rise in supply chain cyber attacks and the importance of companies proactively identifying and addressing vulnerabilities within their supply chains. The National Cyber Security Centre (NCSC) has published new guidance for organisations to help them combat these types of threats. The large and complex nature of supply chains makes it difficult for companies to assess their level of risk, and many trust their partners without conducting thorough assessments. By continuously monitoring their supply chain, companies can identify vulnerabilities and take steps to close them before cyber criminals exploit them.
Rise in supply chain attacks
The National Cyber Security Centre (NCSC) has published new guidance for organisations to help them combat cyber security threats in their supply chains. In recent years, there has been a significant rise in attacks on companies that have come through third parties and partners, often catching the target company off guard. Supply chain attacks have proven effective for cyber criminals as they allow access to a company through its partners, regardless of the amount a company spends on its own security.
Complex supply chains can lead to complacency in risk assessment
The large and complex nature of supply chains makes it difficult for companies to determine their level of risk, with many simply trusting their partners rather than taking a proactive approach. The government’s 2022 Security Breaches Survey found that only 13% of companies review the risks posed by their immediate partners and only 7% check their wider supply chain.
Traditional methods of assessment are inadequate
Even if companies are examining potential weaknesses, the traditional method of assessing a partner’s or potential partner’s cyber security strength leaves many vulnerable. Asking a partner to fill out a form detailing their cyber security practices is often considered sufficient to ensure supply chain security. However, it is clear that cyber criminals are increasingly targeting the partners of their intended victims, so more stringent measures are needed.
The NCSC guidance recommends that companies regularly assess possible weaknesses in their supply chain and establish comprehensive reviews of potential and existing partners. By continuously monitoring their supply chain, companies can identify vulnerabilities and take steps to close them before cyber criminals exploit them. This proactive approach is essential for securing the supply chain and protecting against cyber attacks. Importantly, the NCSC guidance emphasises the need for ongoing, continuous monitoring rather than a one-time or annual assessment.
Importance of a comprehensive view of vulnerabilities
As threats from cyber criminals continue to increase in sophistication, new vulnerabilities will be exposed. The key is to have a 360-degree view of all supply chain vulnerabilities and to use solutions such as artificial intelligence to provide an up-to-date assessment of weaknesses, so that companies can address them before a cyber criminal can exploit them.
AJ Thompson, CCO of Northdoor, commented:
“It’s really encouraging to see the NCSC issue this new guidance. We have certainly seen cyber criminals increase their attention on supply chain attacks over the last couple of years. It is definitely a weakness in many organisations’ armor and an area that needs more attention.”