Supply chain at risk without specialist cyber security input


Chief Information Security Officers (CISOs) need to provide specialist cyber security knowledge to reduce risks of cyber attacks in the supply chain by becoming a critical component in the procurement of vendors, according to new research conducted by Campbell Marsh on behalf of Cyber Security Connect UK, the influential cyber security forum that is held annually in Monaco during November.

The findings from the ‘CISO and vendor relationships in the supply chain’ report indicate that there is a fragmented approach to cyber security in the supply chain and that a high level of risk is present, which needs to be closely monitored and reviewed.

CISOs believe that supply chain cyber security should be an integral part of product and service delivery. Business managers are less aware of the weaknesses and threats of cyber attacks, so CISOs need to have a greater level of influence in the procurement process to reduce risks.

CISOs believe that businesses need to take stronger steps to establish robust procedures that minimise cyber security risks within the supply chain. We found that 97% of CISOs see the supply chain as a source of risk, so an urgent commitment is needed to mitigate risk exposure when undertaking a procurement exercise.

CISOs expect vendors to adopt policies and procedures that provide stronger security controls. While system and network administrators can be guilty of system misconfigurations, poor patch management practices and the use of weak passwords, ongoing auditing and due diligence can guard against potential threats.

Fragmented standards and cross-border working expose some sectors to greater risk. Ultimately, international agreement will be necessary to tighten protection against cyber attacks and theft of data assets and intellectual property.