Supply Chain Risk Management Blog
Time to get serious on supply chain cyber risks
The new Cyber Highway service makes it easier than ever for businesses to start to assess the cyber security of their suppliers. It’s an opportunity more need to take.
Cyber is rising up the supply chain. Last month former Home Secretary David Blunkett launched the Cyber Highway, a new website through which businesses can check whether suppliers are certified under the Cyber Essentials scheme.
The scheme promotes basic standards of “cyber hygiene” to protect against common risks such as hackers and malware infections. Businesses can have a self-assessment questionnaire independently reviewed by an external certifying body to gain a Cyber Essentials badge or have an external body actually do the tests for a Cyber Essentials Plus badge.
For central government, all contracts handling personal information or providing certain ICT products and services have required certification with the standard since October 2014. Two years on, the new Cyber Highway site makes it easy for private sector businesses to effectively apply the same standard. They can now track suppliers’ progress towards Cyber Essentials certification in real time.
It’s hoped this will, in turn, prompt more businesses to sign up to the scheme and work to achieve certification – vital following the vote for Brexit, according to Blunkett.
“It is more important than ever, post-Brexit, for businesses to hold an internationally-accepted certification, as competition increases and an extra level of cyber-resilience is required,” he said at the launch.
Opens doors: Risks from suppliers, vendors and customers
There are also a couple of other reasons to welcome such moves.
One is that many big security breaches can be traced back to attackers exploiting vulnerabilities of suppliers.
That might mean criminals targeting businesses’ raw materials suppliers or just service providers. The data breach at US retailer Target, which in 2013 had 40 million customer details stolen and leaked, remains perhaps the prime example of the latter. That attack was the result of network credentials stolen from its refrigeration, heating and air-conditioning subcontractor.
The second reason to welcome initiatives like the Cyber Highway is related to this: many businesses still seem to be complacent about this aspect of their supply chain risk.
A recent survey by insurance brokers Marsh found that only a quarter of UK large and medium-sized corporations assess their supply chains for cyber risks. As the report notes: “[T]he overwhelming majority of companies are leaving themselves exposed to third parties, from service providers to customers.”
Anything that gives businesses the tools to start changing this can only be a move in the right direction.