When it comes to keeping your business cyber safe, knowing who your suppliers are is critical. According to Forrester research, more than half of all cyber security incidents that occur this year will involve third parties. For business owners, that means taking a closer look at your supply chain.
Henry Ward is the principal security adviser, Pacific, at Trustwave. He said that while it might sound simple, many businesses don’t know who all their suppliers are.
“You can start with procurement and ask them for a list, but you’ll often have to scan IT suppliers in detail, as well as everything from financial providers to courier companies,” Mr Ward said.
“Many procurement departments vet suppliers only on service or supply charge clip levels and small dollar value suppliers don’t reach the threshold.
“Working out which suppliers matter to your business and assessing the impact that any cyber incident that they experience might have on you is the next step. Many consultants stay with group vendors by criticality, but this can be harder than it seems. Does that vendor have access to company systems, classified data or PII? Assess their criticality – how it relates to your business and how an incident would cause problems for your board, management team or business operations – if you have to pull the plug on a vendor, does your business stop, too?”