Comprehensively map supply chains for cyber risk

We were interested to read a recent article covering new guidance that urges organisations to comprehensively map supply chains for cyber risk, despite this potentially representing a “massive undertaking”.

Cyber security can be described as the collective methods, technologies, and processes to help protect the confidentiality, integrity, and availability of computer systems, networks and data, against cyber-attacks or unauthorized access.

A report, produced by the National Cyber Security Centre (NCSC), said mapping would result in better decision-making because it provides insights into cyber security considerations that “could be more easily enforced via contracts”.

The NCSC warned this information would be “an attractive target to attackers”, so it should be held in a “secure repository with strong security architecture underpinning its design”.

“A vulnerability that exists anywhere within the supply chain, whether in your direct suppliers, or the suppliers that they sub-contract out to, could impact your organisation,” said the report.

“For large organisations decisions around the practicality and usefulness of understanding beyond the primary tier should be evaluated, and only the information on direct contractors should initially be captured.”

This may well be a massive undertaking: another recent article detailed how supply chain cyber security breaches are up by more than a third as companies struggle to monitor third-party risk, according to research.

BlueVoyant’s second annual global survey into third-party cyber risk management found 93% of respondents had suffered a direct cyber security breach because of weaknesses in their supply chain. The average number of breaches rose from 2.7 in 2020 to 3.7 in 2021, a 37% year-on-year increase.

Martin Smith, Founder at Talent Drive, added his thoughts:

“Cyber security is a huge aspect to consider across the supply chain, particularly with the increase in digitalisation and technology.

It is important that organisations understand the risks and hopefully this extra due diligence will mean fewer security breaches across organisations which can be costly!”

Read the full article this blog was based on here, and let us know your thoughts on the subject!
