What proactive cybersecurity measures you can take to protect your supply chain
To understand why cybersecurity is important, we have to take a look at a recent survey conducted by Gartner. During a recent Executive Advisory Board meeting at Gartner, a highly acclaimed research and advisory firm specialising in cybersecurity amongst other things, one of its members highlighted that while their team is quite advanced in terms of overall supplier relationship management, they are still frequently surprised when cyber disruptions happen at suppliers.
In response, Gartner surveyed attendees at a COO and CSCO communities event on whether they or their supply partners had been impacted by cyberattacks since the Russian invasion of Ukraine. They were also asked if they were seeing a trend in this type of activity. It was an anonymous poll, and the responses were telling.
The questions asked in the survey, with the responses to each, were as follows:
- What has your company’s experience been with regard to supply chain-related cyberattacks since mid-February 2022?
  - 0% of respondents had a major disruptive event related to their internal systems.
  - 27% of respondents had a minor disruptive event related to their internal systems.
  - 73% of respondents saw one or more of their suppliers/partners have a major disruptive event.
  - 33% of respondents saw one or more of their suppliers/partners have a minor disruptive event.
- What has your company’s experience been with regard to supply chain-related cyberattacks since mid-February 2022, as compared to 2021?
  - 50% saw an increase in frequency related to their internal systems.
  - 83% saw an increase in frequency related to their partners/suppliers’ internal systems.
The survey concluded that nearly three-quarters of respondents had one or more of their suppliers experience a disruptive cyber event that took key processes and systems down for at least a day. More than a quarter had shorter-term disruptions to their internal operations. This level of cyber activity was an uptick for most when compared to the period before mid-February and the lead-up to the Russian invasion of Ukraine.
“The results of Gartner’s poll only prove the importance of ensuring your business has strong and proactive cybersecurity measures in place when it comes to your supply chain,” says RiskXchange CEO Darren Craig. “It’s also extremely important that the extended supply chain, 4th parties are protected, along with the company’s own internal assets and systems.”
“There are many ways to respond to cyberattacks, but the best is to narrow your attack surface and bolster security,” Craig added. “Continuously monitoring your security posture also goes a long way toward preventing attack and for spotting the warning signs as they develop.”
How to implement proactive cybersecurity measures
Within most companies, supply chain leaders are only granted the authority to execute CIO or chief information security officer (CISO) directives on cybersecurity. A challenge to this model is that often the weakest cyber links exist with suppliers and other external partners. CSCOs and their teams need to engage to ensure the extended value chain is protected, along with internal systems and assets.
Beyond governance issues, there are ROI-related decisions on the required response. It’s often difficult to make executives understand why cybersecurity is important and how much the company needs to invest to protect itself from attacks.
One way to assess the amount of focus and resources that should be placed on extended value chain security is to treat this investment like any other type of risk mitigation or insurance policy. Gartner suggests the following proactive cybersecurity measures:
- Technology and business drivers should influence how much is spent on a cybersecurity program and for what level of protection. This framing should be captured in a protection-level agreement (PLA) between the IT team and business leaders.
- The PLA sets out the desired security and business outcomes and how the outcomes will be addressed by a set of controls that are consistent, adequate, reasonable, and effective.
- CIOs should not expect executive decision-makers to express their needs for protection in cybersecurity terminology. Instead, protection levels should be framed and influenced within the context of the following business drivers: business operations, regulatory demands, shareholders, partners, cyber insurance eligibility, benchmarks, and observable business impact.
The first step in most remediation efforts is admitting that you have a problem and then moving on to creating a solution.
So, why is cybersecurity important?
Cybersecurity is key to securing your company’s reputation and protecting its assets. This includes personally identifiable information (PII), sensitive data, protected health information (PHI), intellectual property, personal information, data, and industry and governmental information systems.
RiskXchange’s integrated cybersecurity risk platform helps you discover, continuously monitor, and reduce the risk across your enterprise and supply chain. RiskXchange is the only platform that provides a complete 360-degree view of your attack surface, including that of your vendors. It will continuously monitor your complete attack surface, highlight any risk, and enable you to fix any issues before the attacker discovers them.
Get in touch with RiskXchange to find out why cybersecurity is important and what other proactive cybersecurity measures you can take to protect your organisation.