Cyber attacks originating in the supply chain have highlighted the importance of understanding where the risks lie within partner networks, according to a platform.
The attacks have included those on London North Eastern Railway (LNER), a government-run train operator running services on the east coast of Britain, and Jaguar Land Rover. SureCloud points to a survey that found that 60 per cent of enterprises still use spreadsheets to some extent as part of their governance, risk and compliance processes, with 86 per cent of mid-sized businesses completely reliant on them. This is no longer an acceptable or effective approach to identifying risk within a supply chain, according to Matthew Davies, CPO at SureCloud.
He said: “These recent high-profile supply chain attacks should be acting as a wake-up call to all businesses with any kind of partner network. Modern supply chains are large and complex. Manual processes and siloed visibility cannot be expected to provide the insight necessary to build a robust TPRM program and reduce risk. Context-rich, real-time dashboards and automated alerting are needed to stay ahead and provide an ongoing overview as threats change and increase in sophistication.
“The same issues are prevalent at the onboarding stage of partners. Beginning vendor management with effortless, guided assessments can quickly give the overview of potential issues within a new partner’s systems and processes that can be tackled before any contracts are signed.
“As we have seen, the impact of such attacks is huge, both on finances and reputation. However, the longer-term impact on regulatory compliance is often overlooked. Again, too much of the compliance process is reliant on manual processes. Looking at automated reporting and evidence-packs can show what has been done to prevent such attacks whilst helping to ensure ongoing adherence.
“The effectiveness of supply chain attacks means that this is going to be an ongoing issue for the foreseeable future. Companies must wake up to the threat and do away with outdated and ineffective manual processes that take too much time and are no longer accurate enough. More focus has to be given to a 360-degree security overview rather than just frontline defences if companies are to remain secure and compliant.”
Likewise, a cyber incident impacting the aviation software firm Collins Aerospace affected airports across Europe, including Heathrow.