Firms need more than trust to secure supply chains

02 May 2023 Consultancy.uk

While the UK’s National Cyber Security Centre has issued a new set of advice on how companies may map their supply chains, much of the advice relies on trust and goodwill. According to consultants from Northdoor, this could still risk leaving firms exposed to cyber-attacks.

The National Cyber Security Centre (NCSC) is an organisation of the UK Government that provides advice and support for the public and private sector in how to avoid computer security threats. Based in London, it became operational in October 2016, and its parent organisation is the country’s Government Communications Headquarters – commonly known as GCHQ.

In an ongoing effort to help companies understand and shut the vulnerabilities that lie within their supply chains, the NCSC has issued its latest advice. It has outlined how companies should consider supply chain mapping (SCM) in order to gain an up-to-date understanding of their network of suppliers, to help better manage cyber risks. According to AJ Thompson, CCO at consulting firm Northdoor, however, the plans may not go far enough.

“The NCSC is right in continuing to highlight the dangers to companies through supply chains,” Thompson explained. “It is undeniable that the threat to supply chains from cyber criminals is increasing all of the time. It is encouraging that the NCSC is continuing to place a real emphasis on it. But companies have to look beyond the traditional approaches to auditing partners and instead embrace a 360-degree view of your entire supply chain, securing data and keeping cyber criminals out.”

The NCSC’s new advice tells businesses what type of information an SCM should include, and calls for full inventories of suppliers and subcontractors, something it was recently revealed that half of UK firms do not monitor. It also advises companies to ensure that they put an audit in place to find out about their data management, data integrity and management controls for suppliers’ access to physical sites.

Because much of this information is provided by partners, however, Thompson believes that huge levels of trust are needed if the NCSC’s advice is to be followed properly. Even though trust may be considered an essential element of any business partnership, the threat from increasingly sophisticated cyber criminals means that firms cannot afford to put their future at risk on the basis of trust alone.

Thompson continued, “But paperwork and a reliance on the honesty of your suppliers is not acceptable when the cost of a data breach is so substantial, both in terms of cost, loss of critical data and irreparable damage to reputation. Instead, a near real-time view of where vulnerabilities lie across a supply chain is essential for keeping cyber criminals out. No matter how much you spend on your frontline security, if your partners are letting hackers in through the backdoor, any investment is negated.”

Northdoor is a London-based IT consultancy company, which was originally established in 1987. It provides a broad range of IT services to financial and insurance companies in the City of London and elsewhere, and also regularly helps clients with its supply chain risk solutions.

Citing how businesses might take more control of their supply chain security, Thompson concluded, “Spreadsheets and a reliance on the honesty and knowledge of your partners are not enough. Using innovative technology that utilises AI can give you a 360-degree view of your entire supply chain and where the potential vulnerabilities lie. This enables you to have discussions with existing and potential partners and to shut the vulnerabilities before cyber criminals are able to take advantage.”