Securing the digital supply chain has risen up the corporate agenda in light of increased reliance on outsourcing, largely influenced by cloud computing, mobile technology and a change in cybercriminal focus and behaviour.
Online criminals are increasingly looking to exploit smaller supplier organisations as opposed to the large corporate businesses sharing the data. These small suppliers often have fewer than 250 employees, a very small security staff (if any), immature security monitoring, tools or testing capability, and priorities (namely trying to grow and stay in business) that diverge from protecting a larger organisation's data.
Last year's Target breach, which saw hackers gain remote access via the retailer's heating and cooling software supplier, has thrown the issue of supply chain security into sharp relief. In the Age of Information, businesses have had no choice but to become sprawling networks of interconnected third parties in order to effectively operate competitive and complex digital businesses. Target illustrates that lax security in any one supplier can lead to a breach with catastrophic reputational, legal and ultimately economic consequences.
IRM often finds that clients spend vast quantities of their IT security budget bolstering internal network infrastructures and applications, without applying the same thorough examination to their vendor partners. Furthermore, when responding to a cyber-incident, integration of cyber risk management into supply chain management is almost always found to be limited, or has even been completely ignored.
This digital supply chain security webinar will address the following concerns and questions:
- Third party risks are by no means a new phenomenon, but what changes and impact has cyber introduced into the risk environment?
- Where does the line of responsibility for information and cyber security fall between the outsourcing business and its supplier?
- What level of due diligence should be required prior to contract signing?
- How realistic is it to require suppliers to adhere to equivalent standards applied by the outsourcing organisation?
- To what extent does keeping the supply chain cyber-proof fall into procurement's domain?
- How can businesses monitor the sensitivity/value of their data AND who is able to access it?
- Why should businesses look to start building a supply chain cyber risk management programme?