Intelligent CIO Europe Issue 53 - Page 93

FINAL WORD code of suppliers . The return on investment for attackers , compromising one organisation then getting access to many others , makes software vendors an enticing target .
Ideally , you ’ ll extend this to your suppliers ’ suppliers . This will give a detailed view of your extended supply chain , enabling better security management .
Despite this , many organisations fail to prioritise supply chain security . A DCMS 2021 survey found that most UK organisations have not reviewed risks posed by their suppliers and broader supply chain .
While you cannot control whether suppliers suffer data breaches , you can reduce the risk of a supply chain attack impacting your company . Here are four ways to improve supply chain security and avoid backdoor attacks .
Understand your supply chain and critical suppliers : A robust security strategy is dependent on visibility . Ensure your company understands who your suppliers are and what data they can access . Then identify which of these provide you with essential services or , if services went down , would cause severe disruption to your own operations : these are your critical suppliers .
Manage your risks via a supply chain risk management programme ( SCRMP ): Establish a formal process for procuring and managing digital suppliers . Companies have been assessing and onboarding physical suppliers for years . Many commercial teams already conduct supplier assessments . Is a separate process necessary for software , or can existing processes be modified ?
A robust security strategy is dependent on visibility . Ensure your company understands who your suppliers are and what data they can access .
www . intelligentcio . com INTELLIGENTCIO EUROPE 93