How Information Resilience can Help Businesses Secure Their Place in Tomorrow’s Supply Chain

Whether it’s called cybersecurity, information resilience or online safety, everyone agrees that the proper protection of a business’s digital information is a growing concern, and one that must be addressed to ensure the long-term prosperity of an organization.

While the digitization of information has greatly boosted business productivity, it has left organizations vulnerable to security threats such as computer-assisted fraud, espionage, sabotage and ‘cyber vandalism’.

The rapid expansion of cloud computing and the outsourcing of personal and business data have only exacerbated these problems. Indeed, recent research conducted by BSI amongst IT Directors found that 91% admit their organization has been a victim of a cyber-attack. Around half have experienced an attempted hack, and/or suffered from malware (49% in both instances).

This week is Business Continuity Awareness Week (BCAW), organized by the Business Continuity Institute (BCI) to help businesses understand the value of adhering to best practice in managing risk. Organizations wishing to participate in tomorrow’s supply chains will need to be able to demonstrate that they can stand up to a new challenging environment.

At BSI, we consider information resilience as part of an approach we call organizational resilience: helping an organization to stand the test of time while remaining profitable and, above all, secure. It is one of the three areas we see as critically important in achieving organizational resilience in both large and small companies, along with operational and supply chain resilience.

Information is clearly an essential element within an organization in managing performance, ensuring reliable processes and protecting the quality of the end product. Crucially, however, it is also key to maintaining trust and transparency, not only with your customers but also in relationships within your supply chain.

Some threats are not external, but stem from poor practice internally, such as the misuse or failure to apply intelligence, or simple human error or inaction. The same research found that around four in ten (42%) have experienced the installation of unauthorized software by trusted insiders, and nearly a third (30%) have suffered a loss of confidential information.

In today’s digital world, individual and business customers must be able to trust companies with whom they interact to have adequate protocols in place to protect their sensitive data. Likewise, those companies need to be confident that the measures they have in place are giving them the protection they need. Worryingly, our research shows this is not the case: whilst the vast majority (98%) of organizations have taken measures to minimize risks to their information security, only 12% are highly confident about the security measures their organization has in place to defend against these attacks.

Standards can help in these situations. Best practice security frameworks, such as ISO/IEC 27001 Information Security Management, the Government-backed Cyber Essentials scheme, and CSA STAR Certification or ISO/IEC 27018 (which address specific cloud security concerns), can help organizations benefit from increased sales, fewer security breaches and protected reputations.

Additionally, easily recognizable consumer icons such as the BSI Kitemark™ for Secure Digital Transactions may be suitable for organizations that wish to demonstrate they go above and beyond these standards. Yet it is the responsibility of every organization to determine its areas of weakness or risk and to pursue the best framework to enhance its resilience and opportunities.

CIOs could be forgiven for feeling anxious. Barely a day goes by without the emergence of another cyber-threat or damaging data breach – not to mention the need to comply with the rising tide of regulation in this area. The threats are very real, but it is possible to counter them effectively by looking closely and honestly at the digital supply chain, and considering it as part of a much wider operation. Doing so means organizations will be able to harness experience and embrace opportunity, preparing them for whatever the future holds.
