Updated: Apr 11
Your closest supplier can become your biggest problem. Overnight. Are you prepared?
Most organizations are not prepared for a 3rd party (supply-chain) cyber attack, and in today's hyper-integrated economy, that means ignoring a significant business risk. And those risks have never been higher.
Why? Because it makes sense for the attackers.
Why waste effort trying to hack a well-protected enterprise when you can quickly go through one of its suppliers? It also scales! The attackers gain access to multiple organizations through a single attack.
So don't wait for that 3 AM call from one of your suppliers telling you they have been hacked. Plan for it.
* Gain visibility into who your suppliers are. Some suppliers are obvious; some are not.
* Assess the cybersecurity posture of existing and new suppliers, and simulate your business impact, assuming they are breached.
* Educate your ecosystem on the importance of elevating their posture and demand thresholds to be met as part of doing business together.
* Facilitate a process that allows you to learn about incidents on your vendors' side as quickly as possible.
* Document suppliers' efforts to assess progress and compliance over time.
* Constantly monitor the landscape. Periodic monitoring is not enough.