Supply Chain Security – Don’t Be The Weakest Link

Posted on: 19th October 2022

You might think that if your organisation is protected against cyber-attacks, that’s all you need to worry about. But even if you have put measures in place to ensure your network and systems are safe, secure, and highly available, have you considered whether those in your supply chain can say the same?

Hackers deliberately target supply chains as accessible gateways through which they can reach many infrastructures through a single attack and wreak considerable damage.

Employees frequently succumb to sophisticated phishing and ransomware attacks when these attacks are built around a profile that looks like a bona fide supply chain member. The UK Cyber Security Breaches Survey 2022 shows that of the 39% of UK businesses that identified an attack, the most common threat was phishing attempts (83%).

Worryingly, the survey also reveals that only 13% of those surveyed assessed the risks posed by their immediate suppliers, saying that cyber security was not an essential factor in procurement. Only 7% consider their wider supply chain, with 26% citing that not knowing what checks to carry out was a barrier.

The government’s Captains of Industry Cyber Resilience Research report 2021 shows that 91% of leaders of the UK’s elite businesses see cyber threats as a high or very high risk to their business. However, nearly a third of those are still taking no action on supply chain cyber security.

The government believes that Cyber Essentials and Cyber Essentials Plus are demonstrators of good information security practices and requires suppliers bidding for contracts involving handling sensitive and personal information to be certified. As cyber security experts here at ITPS, we believe this should be the ‘must-have’ minimum to which customers and suppliers must adhere.

Securing the supply chain can be difficult, but the need to act is more urgent than ever in the face of increasingly sophisticated cyber-attacks that cost UK businesses both directly and indirectly. Data breaches and the resulting fines hit the headlines daily. While some are down to a supplier's or third party's misuse of data, responsibility rests with the organisation at the top of the chain.

So what can you do to ensure the security of your supply chain?

If you already hold Cyber Essentials and Cyber Essentials Plus certification, you are demonstrating a commitment to adopting good practices in information security, which is what you also expect from your suppliers.

If you need extra support, check out the National Cyber Security Centre’s helpful guidance in the form of 12 principles designed to help businesses understand the risk, establish control, check arrangements and maintain a continuous improvement cycle to ensure their supply chain is as secure as possible.

Assessing the cyber security of your suppliers is an essential task. You cannot rely on simply protecting your organisation; you should look further afield at partners and suppliers and ensure that they have suitable security in place to manage cyber risk properly.

Any chain is only as strong as its weakest link. Give our cyber security experts a call and see how we can help you turn weak links into strong defences.
