Most organisations rely upon suppliers to deliver products, systems, and services. These supply chains can become large and complex, with many suppliers doing many different things. Securing the supply chain can therefore be complicated.
The following three points will help to prevent supply chain cyber-attacks:
· Understand the risks
You need to understand what needs to be protected and why. To do this, understand the value of your information or assets that suppliers hold. You should also understand who your suppliers are and what their security looks like; this will give you a good overview of any weaknesses.
· Gain control
Communicate your security needs to your suppliers. Ensure that they understand their responsibility to provide appropriate protection for your contract information and services, as well as the implications if they fail to do so.
· Integrate assurance activities into supply chain management
Ask key suppliers to provide upward reporting of security performance and to adhere to any risk management policies and processes. Ensure that contracts have the ‘right to audit’ built in. Establish key performance indicators to measure the performance of these supply chain management practices.