In part 1 of Supply Chain Cyber Risk Reduction, we covered the excellent NCSC advice on how manufacturing businesses can work with supply chain partners to improve overall cyber security controls and reduce risks. After all, it is both through partnership and a shared understanding of responsibilities that both awareness and better support can be provided. In this blog, we take a look at the subsequent six principles and how these can drive continuous improvement for manufacturing businesses and their supply chains.
The principles of supply chain security
For those wishing to understand the first six principles, please see understanding risk and establishing more control.
The next set of 3 principles the NCSC highlights are focused on verifying arrangements. This includes:
- Building assurance activities into the supply chain
Now, this is most commonly established using contractual changes, but for well-established, trusted suppliers without their own cyber expertise, this can be daunting and can introduce significant overheads on already stretched businesses.
It introduces new requirements and commitments to upwardly measure and report risks, largely through audits. It commonly introduces assurance measures, usually through certifications like Cyber Essentials Plus (so it is independently audited and tested annually).
For CloudGuard, the overhead of maintaining this internally for smaller businesses is the biggest challenge we see, as well as working with internal audits to encourage and ensure good security behaviours are adopted and updated.
The “right to audit” where organisations have worked together for years, have a superb understanding of one another and are excellent partners, can introduce a new dynamic in terms of “security requirements”. Very few supply chain partners have the luxury of in-house cyber expertise or the time to add this to the to-do list.
This is where working collaboratively with a cyber partner like CloudGuard can bridge the gap in capabilities and actions. It ensures ownership and responsibilities for additional areas added by security requirements and allows supply chain partners to do what they do best, whilst working towards assured and continually improving supply chain security controls.
Continuous improvement is key
Cyber security is a journey. It is full of evolution, continuous change, and improvement focus based on a destination of reducing supply chain risks and building greater levels of trust. That, in turn, reduces risks for all parties working together. It ensures they will continue to do so successfully for many years to come.
The NCSC’s guidance on continuous improvement completes the final principles. In our experience, cybersecurity challenges are solved faster and more effectively through sharing issues and ideas and valuing input. A collaborative approach ensures buy-in and the most effective communications across the shared issue of reducing business risks.
The changing nefarious actors seek out intellectual property, customer information, distribution and pricing information, as well as customer data. They care not for your long-established businesses or trading relationships or your passion for producing high quality goods, materials and services. Their motives are primarily to cause as much business disruption and impact through data exfiltration, overriding security controls and demanding ransom payments.
Timing is everything
The basic principle CloudGuard helps supply chain partners understand is that the earlier you can see and understand a security issue, the earlier you can intervene and control the impact.
These can be sophisticated attacks involving long-term reconnaissance to establish how they will infiltrate, exploit and exfiltrate. If so, early detection with the right solutions and expertise will reduce the likelihood of this happening.
Cybersecurity is constantly evolving, as are threats. The expertise required to understand these threats and risks to business is best served by working in supply chain partnerships with experts. There are no guarantees, but should the worst happen, this supply chain partnership with an expert partner both reduces the business impact and accelerates recovery. All of this minimises supply chain impact and overall risk.
How to achieve supply chain cyber risk reduction
We need to work collectively to prevent another 18% quarter-on-quarter increase in ransomware attacks on hard-working, stretched supply chain and manufacturing businesses. Let’s make it happen from today. It is why CloudGuard has created the PROTECT Lite service. It is specifically designed for supply chain businesses of 5 to 50 employees, to help reduce key risks by embedding the above principles and enabling continual improvements.
For more information or guidance on our PROTECT Lite service for supply chain partners, please reach out to [email protected]. Together, we can reduce business risks from cyber disruption from today. Next week I will talk about recent attacks on manufacturing businesses and what we can learn from these to share intelligence and improve cyber security. Thanks for reading.