Is your supply chain compromising your cyber security?

You are confident that your own network and systems are highly available and secure from cyber-attack, but have you considered whether those in your supply chain can say the same?

Hackers’ ‘favourite’ targets are supply chains. Given the interconnected nature of the supply chain, a hacker can hack one or two nodes and potentially compromise an entire organisation.

In a new study by Accenture, experts found that seven in ten businesses are vulnerable to cyber-attacks through their supply chains and only 29% of business and IT executives globally know how their partners are protecting themselves in terms of cyber security. As always, the numbers are concerning, and as supply chains become more and more ‘techy’, cyber threats will become more sophisticated and dangerous.

However, the issue is not solely a technology one: business structures have become more complex, with multiple entry points. When trying to infiltrate larger organisations, cyber criminals target the weaker links, and these are often smaller businesses in the supply chain.

In the face of more and more sophisticated cyber security breaches, which are costing UK businesses millions, securing the supply chain can be difficult, but the need to act is more urgent than ever before.

So, what can you do to ensure the cyber security of your supply chain?

The first thing to check is whether a supplier has Cyber Essentials and/or Cyber Essentials Plus certifications. These are markers that demonstrate an organisation has adopted good practice in cyber security. These certifications are fast to implement and have a modest cost. Having them in place shows an organisation has solid cyber security foundations.

Collaboration is also an important factor in protecting the supply chain. Organisations need to rethink their approach to security to defend not just themselves, but also their ‘ecosystem’. For example, Netflix shares internally developed security tools with organisations that are part of its supply chain.

Top management needs to be involved in, and aware of, any new partnership and the partner’s level of cyber security. Having CISOs directly involved with partner organisations and supporting them in building their cyber security systems is an important factor in protecting the supply chain.

Lastly, organisations need to start thinking like a hacker. This will help them identify the weakest links of the supply chain and find a solution to protect them.