By Scott Nursten, CEO, ITHQ
TAKING CONTROL OF SUPPLY CHAIN SECURITY
4 stages to fortifying your evolving supply chain
When the SolarWinds network management system was attacked in December 2020, it compromised the supply chain of over 18,000 organisations, including the Pentagon. The more recent Kaseya attack infected over 1,500 small to medium-sized companies with ransomware, demonstrating that these attacks can impact any type of business – even technology specialists.
Avoiding a similar nightmare means zero trust and zero assumption. If suppliers have access to your data, you need assurances that they operate to the same security standards as you do. By going up the supply chain, attackers can significantly magnify both damage and revenue. Instead of disrupting one business and collecting one ransom, they could – as in the case of SolarWinds – potentially multiply results 18,000 times.
SECURING YOUR SUPPLY CHAIN MEANS WORKING TOGETHER
In 2018, GCHQ’s National Cyber Security Centre (NCSC) published its principles of supply chain security, in partnership with the Centre for the Protection of National Infrastructure (CPNI). The CPNI’s purpose is to safeguard UK national security, taking action to reduce our vulnerability to terrorism, espionage and sabotage, among other threats.
There are 12 principles which can be grouped into four clear stages, each building on the last to help you achieve cyber, physical and personnel security with your suppliers. Insurers won’t pay out on consequential losses without evidence, making it your responsibility as a business owner to ensure a provable audit trail of security measures.