Paul Brislen, Editor. 03 May 2021, 12:47 pm
Supply chain management isn’t typically the first thing CIOs think about when considering cyber-security, but for the Government Communications Security Bureau (GCSB) it’s pretty much top of mind.
The National Cyber Security Centre (NCSC) is the part of the GCSB tasked with supporting New Zealand’s critical infrastructure and that includes the country’s top 250 organisations. Learnings taken from that engagement have been used to produce a series of advisory pieces aimed at helping New Zealand businesses better understand their risks and manage them accordingly, says NCSC director Lisa Fong.
“Supply chain vulnerabilities are amongst the most significant cyber-threats facing organisations today.”
The move to outsourcing and “just in time” management of stock has seen companies’ vulnerability increase as any impact can disrupt the delicate balance of holding stock versus having too much on hand. But it is the increase in reliance on digital third parties that led to the NCSC producing Supply Chain Cyber Security: In Safe Hands.
“As organisations strengthen their own cyber security, their exposure to cyber threats in the supply chain increasingly becomes their weakest point,” says Fong, who points to new partnerships and technologies being introduced to businesses via non-traditional means as a real problem. Marketing-led decisions around third-party services can inadvertently introduce new risks and security concerns.
The NCSC report recommends a three-pronged approach to managing risk: Identify, Assess and Manage, and Fong would add a fourth leg which underpins all such decision making – good governance.
Fong says organisations don’t need to conduct their own penetration testing assault on suppliers’ systems – rather they should better understand how important each supplier is to the business’s success.
“Understanding who your suppliers are and which assets are important to your service is the first step.”
The full report can be downloaded here.