Sensitive information is exchanged whenever you consume goods and services to run your business. That exchange grows in volume and frequency as you digitise remaining tasks and outsource more non-core functions. This gives malicious parties a broadening opportunity to monetise their efforts, whether by selling your information in underground markets or by deliberately interrupting your business and extorting you to restore it (ransomware). In response, corporate and regulatory pressure on your obligation to protect that information keeps increasing.
While the effort of processing your business information can be shared with third parties, the obligation to protect that information remains with you. Supply chain cyber security breaches are increasingly in the headlines: global brands have suffered breaches that originated in a system provided by a third-party supplier, and it is those brands that are left with the reputational and financial damage.
Cyber security risks in your supply chain take many forms. Open-source software components used as standard building blocks in more complex in-house and vendor systems (like log4j) are one. Outsourced services for key functional components such as authentication (like Okta) are another. Remote access granted to a supplier to manage on-premises systems (like HVAC) and a compromised vendor software update that delivers a back door into key systems (like SolarWinds) are further examples of the thousands of exposure points that distract small to medium enterprises from their core business.
At Brace168 we help our customers manage supply chain cyber security risk with a proven methodology, and it is one of our fastest growing areas. We help our customers define their risk appetite, build and run risk management systems, define trading terms and assessment criteria around suppliers' cyber security policies, and conduct reviews against those criteria. We can deliver all of these components, or individual components, with the clear goal of continuously lowering that customer's supply chain risk.
Over a series of upcoming articles, Brace168 will share details of how we help customers assess, manage and improve the information security of their supply chain. In the meantime, if there is an area where you would like help, please contact us directly.