How many organisations know what their supply chain cyber risk is? Does it come from the big partners, suppliers and customers, or from the smallest partners, customers or suppliers that you work with? Is the next attack going to originate inside your own network or from elsewhere?
As part of digital transformation, organisations are rapidly connecting supply chains to their core IT systems. Yet few appear to do any detailed analysis of those chains and the risk they bring. BlueVoyant recently published its Global Insights: Supply Chain Cyber Risk survey (registration required).
To understand more about the problem, Enterprise Times spoke with Robert Hannigan, Chairman of BlueVoyant International. Hannigan has a long history in cybersecurity, especially around Government. He is a former director of GCHQ and set up the National Cyber Security Agency. He believes that one of the biggest issues for CISOs around supply chain cyber risk is the lack of data people have.
It’s a catch-22 situation. How do you assess all your suppliers? What if you have 10,000 suppliers? Even if you had the people and computing systems to start, Hannigan says: “it’s quite hard to quantify what that risk is.” He points out that while companies do probity and business risk checks, they don’t know where to start with cyber.
So where do you start? Pentest your clients? Send them yet another multi-page questionnaire? Hope your cyber insurance will cover you?