Intelligent CIO Europe Issue 43 | Page 70

INTELLIGENT BRANDS // Enterprise Security

Infosecurity Europe poll reveals IT professionals ‘very concerned’ about supply chain security risk

Over one-third (38%) of IT professionals say they are very concerned about the security risks third-party providers present to their organisation, according to the latest Twitter poll run by Infosecurity Europe, Europe’s number one Information Security event. More than a quarter (27.7%) admit they have no processes in place to control data and information flow between suppliers, with 20.1% simply having no idea whether any such measures have been implemented.

In addition to the IT professionals who are very concerned about third-party risk, a further 33.9% feel somewhat concerned, with a confident 28.1% saying they are not at all concerned. While more than half (52.3%) of respondents have a process in place to control data flow between providers, only 35.1% actually enforce this policy.

Infosecurity Europe also asked IT professionals what security prerequisites would be top of the list when preparing to work with a supplier. The number one priority was a full risk assessment (37.9%), followed by cyber insurance (24.3%), proven compliance (21.7%) and national accreditation (16.1%).

Recent research from the Ponemon Institute and SecureLink found that almost half of all organisations have suffered a data breach via a third-party in the past 12 months. The risk is likely to rise as businesses along the supply chain adjust to yet another shift in working models, creating new vulnerabilities. In addition, organisations will increasingly turn to third-party providers as they seek to streamline their operations, widening their attack surface.

Maxine Holt, Senior Research Director at Omdia, echoes the value of a full risk assessment for every provider, but recognises the difficulty in keeping on top of them all. “The starting point is discovery: which organisations do you have relationships with? What’s the nature of the relationship; do they handle PII on your behalf? Then prioritise accordingly. Request compliance information and details of cyberrisk insurance and accreditations. You also need to know where your data is and what it’s doing, and third-parties must be able to ensure that data transfers are consistent with what has been agreed.”

Security policies for third-parties should be clearly defined, communicated and understood, advises independent researcher, David Edwards. “Additionally, data protection clauses must be incorporated into the overall contract,” he said. “Where data is processed outside the EU, model clauses should be used – including consideration for the supplier’s outsourced providers. Technical security controls should also be checked; for example encryption, access management and data loss prevention systems.”