What should you do?
National Cyber Security Centre guidance outlines three key phases in establishing an effective capability to manage supply chain cyber risk and improve organisational cyber resilience.
Identify your suppliers - understand your supply chain
Until you have a clear picture of your existing supply chain, it will be very hard to establish where you can have any meaningful control over it. Where possible, include subcontractors.
Determine which suppliers are most critical
Ensure you have a list of all your suppliers and partners, and identify which ones are the highest priority so that you can concentrate your efforts on them. Priority will be assessed in terms of risk.
Establish a programme – to manage supply chain risk
Establishing a programme for managing supply chain cyber security risk and gaining buy-in from senior executives and board members will formalise and embed the process in a structured way.