The World Economic Forum (WEF) has produced a report on the threat facing global supply chains and how companies need to build in cyber resilience. AJ Thompson, CCO at the IT firm Northdoor plc, says that it’s good to see a leading voice such as the WEF recognising the threat that is facing companies. He says: “Supply chains are now hugely complex beasts and so interconnected that, as we have seen over the past few months, an attack on one organisation can have a devastating impact on many others within the network.
“Building cyber resilience into every aspect of supply chains, as the report points out, is now going to be critical to better protect companies from breaches. There has been, understandably, a huge focus from companies looking to beef up their frontline defences, to keep out cyber criminals. However, no matter how much is spent on such defences, one vulnerability within a supply chain negates all that investment. Without building resilience within supply chains, you are essentially bolting the front door but leaving the back one wide open.
“Vulnerabilities within supply chains are usually caused by a lack of visibility and understanding of partners’ cyber defensive capabilities. Traditional methods of collecting such information have been in the form of questionnaires sent out to partners or potential partners. Static spreadsheets cannot provide the information needed to build resilience. They rely on the knowledge and, frankly, honesty, of the person filling it out. Instead, companies should be looking for data over questionnaires. Some are turning towards automated, AI-driven tools that can provide a 360-degree view of a supply chain, immediately highlighting areas of potential vulnerability.
“This is not just important to keep systems safe, but to ensure compliance in an increasingly complex regulatory landscape. Regulations such as DORA and the UK Cyber Security Bill have meant companies have to ensure that all potential gaps in security are closed and monitored. We have seen the financial and reputational cost to companies that suffer a supply chain breach, but what is not as visible are the regulatory consequences.
“The supply chain represents such a wealth of opportunity for cyber criminals that this threat is not going away but will certainly increase over the coming months. The WEF is correct to highlight the threat and the need to build resilience into networks. Ensuring that this resilience is built on data and not questionnaires is a critical first step.”





