Security Think Tank:
Balanced approach can detangle supply chain complexity

Francesca Williamson
Published 08 - July - 2022
Read the full article on ComputerWeekly
risktechnologysupply chaincomputer weeklypeople
Achieving an appropriate balance between people, processes and technology can help to detangle the complexities of the supply chain and create better security practices.

Supply chains are now a fundamental element to the operations of many organisations, as they are not only responsible for the flow of goods and services, but the flow of information too. The ever-increasing reliance on supply chains, combined with the limited control and visibility over the security practices of suppliers, makes the supply chain an ideal target for cyber criminals who want to disrupt and profit from their attacks.

The interdependencies of the supply chain means that attackers can impact up to 10 times as many organisations compared with previous siloed attempts. Targeting key suppliers with connections into many different organisations means that attackers can compromise information at high scale, with relatively low effort.

Organisations need to get on the front foot to counteract the surge in supply chain attacks. Looking at increased automation and improving transparency with their supply chains will help to advance their understanding of supply chain security, allowing them to work with the suppliers to enhance secure practices.

Increased automation

The ever-increasing complexity and scale of supply chains will soon result in some level of automation becoming a necessity. As more and more information is shared across the supply chain, it is nearly impossible to process and keep track of data without the help of technology. The automated functionalities of a supplier assessment tool can help to increase the accuracy, efficiency and transparency of the supply chain, all of which will help to strengthen security.

Automation helps to increase efficiency within supply chain management by reducing the time spent on repetitive and time-consuming tasks. For example, sending out assessment requests or reminders individually to suppliers is a necessary, but at times tedious task. The use of a supplier assessment tool can be utilised to simplify and automate this task by grouping together suppliers based on risk and sending out assessments designed for their risk level at the appropriate frequency.

To achieve the most accurate and reliable profile of a supplier’s security posture, continuous monitoring is required, which is only realistically achievable when automation is incorporated. There are a number of different methods available for continuous monitoring, which include but are not limited to: security ratings, supplier self-assessments and security certifications.

The greatest value from continuous monitoring is extracted from the outputs produced. Most assessment tools will present the findings in a dashboard that provides a visual representation of the security of suppliers, helping to increase the visibility of the status of the supply chain by providing the results in an easy-to-comprehend format.

Improving transparency

Lack of visibility into the supply chain was regarded as the biggest barrier to effective supplier cyber risk management, according to a survey conducted by the UK government. Incorporating supplier assessment tools into the supply chain management process can help to achieve greater levels of visibility. This is because the technology can store, process and analyse a large quantity of data much more quickly…

Read the full article here
Security Think Tank:
Balanced approach can detangle supply chain complexity
Read the full article on ComputerWeekly