The United Kingdom’s Department for Digital, Culture, Media & Sport (DCMS) is requesting views on supply chain cybersecurity. These views are to be considered for incorporation into its new National Cyber Security Strategy. Research conducted by DCMS indicates that only 12% of organisations and 36% of large firms formally review cybersecurity risks coming from their immediate suppliers, and only 5% address vulnerabilities in their wider supply chains.
Supply chains can be large and complex, involving many suppliers doing many different things. Most organisations trust and depend on numerous suppliers to deliver products, systems, and services. Effectively securing the supply chain can be hard because vulnerabilities can be inherent, or introduced and exploited at any point in the supply chain. A vulnerable supply chain can cause damage and disruption in numerous ways.
Cyber supply chains and third-party service providers have become more prominent and more essential, especially due to the increasing movement of operations online and COVID-19. Threat actors and cybercriminals can use the vulnerabilities in suppliers’ systems to gain access to businesses throughout the supply chain, and as a result, potentially affect numerous businesses. The UK government has acknowledged this and would like to ensure that supply chain cybersecurity is a key part of its new National Cyber Security Strategy.
The National Cyber Security Centre (NCSC) offers various types of extensive support to organisations to help assess their suppliers’ security risks. Despite this, the UK government wants to understand what more can be done to support UK firms with their supply chain cybersecurity. The proposed framework could require managed service providers to meet the current Cyber Assessment Framework principles. The framework also sets out measures that organisations ought to take, including ensuring data is protected at rest and in transit as well as training staff and ensuring a positive cybersecurity culture.