Cybersecurity risks hiding in your SME’s supply chain

When it comes to keeping your business cyber safe, knowing who your suppliers are is critical. According to Forrester research, more than half of all cyber security incidents that occur this year will involve third parties. For business owners, that means taking a closer look at your supply chain.

Henry Ward is the principal security adviser, Pacific at Trustwave. He said that while it might sound simple, many businesses don’t know who all their suppliers are. 

“You can start with procurement and ask them for a list, but you’ll often have to scan IT suppliers in detail, as well as everything from financial providers to courier companies,” Mr Ward said.

“Many procurement departments vet suppliers only on service or supply charge clip levels and small dollar value suppliers don’t reach the threshold.

“Working out which suppliers matter to your business and assessing the impact that any cyber incident that they experience might have on you is the next step. Many consultants stay with group vendors by criticality, but this can be harder than it seems. Does that vendor have access to company systems, classified data or PII? Assess their criticality – how it relates to your business and how an incident would cause problems for your board, management team or business operations – if you have to pull the plug on a vendor, does your business stop, too?”




Mr Ward suggests asking the right questions of suppliers to gather the appropriate evidence needed to mitigate risks.

“Questions range everywhere from the supplier’s ability to encrypt data, use of MFA, password policies, patching program management, architecture and segmentation, cloud usage and many more,” he said.

“Your assessment questions must be balanced. Too little and you won’t know what’s really going on; too much and you’ll be lucky to get a response from your suppliers.

“More importantly, you should be going further than assessment questionnaires. Ask for evidence – security policy, penetration test reports, certifications like ISO 27001 and SOC2 reports.”
