For any modern business, supply chain management already presents a number of complex challenges in understanding its exposure to risk. The added complexity of cybersecurity only amplifies this: as the relationship between humans and technology becomes more intricate, it raises security concerns that are harder to predict.
New research from the Institute of Directors and Barclays reveals that although the majority of organisations (95%) think IT security is important, nearly half (45%) have no formal cyber strategy in place, while still fewer invest in cyber awareness training (44%) or know who to contact in the event of an attack (40%).
“If you’re not concentrating on cyber, you are courting chaos and catering to criminals.” - Matt Hancock (Ministry for Digital and Culture)
With that being said, the security of your supply chain is potentially only as strong as that of its weakest member. A determined aggressor, notably an APT (Advanced Persistent Threat), will take advantage of this by identifying the organisation with the weakest cybersecurity. This is not always the case, but it is most often the smallest organisation in the chain, due to its limited capital and resources.
Why is my business being targeted?
The Data Breach Investigations Report (2017) by Verizon states that small organisations like ours accounted for 92% of the total number of cyber incidents. This is no surprise, since most of the biggest data breaches were due to a weakness in the supply chain.
SMEs are typically more vulnerable and pose a higher risk for the larger companies whom we depend on. Cybercriminals will take advantage of any weakness in order to infiltrate the larger organisation within the supply chain.
To defend your business against any cyberthreat, your organisation needs to implement the security fundamentals, which are all covered under the Cyber Essentials scheme.
Why Cyber Essentials?
The accreditation measures your security against the basic fundamentals and more, these being:
- Boundary firewalls and Internet gateways
- Secure configuration
- Access controls
- Malware protection
- Patch management
Simply having the badge can give you a competitive advantage amongst your peers, as it promotes a standard of security across your supply chain and shows your existing and potential stakeholders that you take cybersecurity seriously. You will then start to see more lucrative contracts from both the private and public sector.
Ever thought about applying for government contracts? Well, it's mandatory that you hold this accreditation first, since you will be handling what is deemed 'sensitive data'. Even some of the larger firms such as Vodafone, Barclays, Lockheed Martin and Airbus now encourage their suppliers to adopt Cyber Essentials.
Unfortunately, criminals' hacking advancements won't stop overnight, so this accreditation needs to be maintained annually, reviewing your technology, people and processes both internally and from suppliers. This allows you to easily filter out any exploitable weaknesses that could prove devastating to yourself or partner organisations.
Security hygiene is now at the forefront of any B2B transaction, and this will be further tested after May 2018 when the new GDPR legislation becomes enforceable. Practice and enforce your standard of data security and join the existing 6,000 businesses by gaining the government and industry-backed Cyber Essentials accreditation.
Give us a call on 01527 570 535 and let's discuss how we can help you!