Intelligent CISO Issue 49 - Page 76

Organisations have many options to assure their suppliers, such as the right to audit within contracts, or a requirement for security standards, for example Cyber Essentials or ISO27001.
However, the type of requirements should fit the services provided. For example, requiring an office accessories company to achieve Cyber Essentials is probably unnecessary: they cannot access much of your data. In contrast, a HR platform will need to meet higher security standards.


Clarifying what you expect of suppliers and explaining that you will regularly review them as part of your SCRMP helps create a more open relationship. They are more likely to feel comfortable telling you of internal security improvements and programmes.
Remember that security is a cost. Excessive security requirements and arduous assurance processes are an expense to your supplier. Even if this is not immediately obvious, ultimately the cost will fall back to customers through raised prices, or reduced service elsewhere.
Protect yourself through design and standards: No supplier intends to introduce weaknesses into their customers’ networks – it’s not a great business model. Despite best intentions, supply chain attacks will still occur.
We can, however, reduce the damage of these attacks by reviewing the access given to suppliers. Historically, suppliers have been granted excessive access into customers’ networks, only to realise this mistake once the worst has happened.
Carefully identifying what access a supplier or product requires and implementing ways of monitoring for unusual or malicious-looking behaviour may not stop a supply chain attack totally, but it could prevent a bad day from turning into a terrible week.
Ultimately, by improving your organisation’s approach to supply chain security, you can reduce your exposure to an attack. A solid supply chain security strategy can improve your brand’s reputation. When a company assures customers that their supply chain is well-managed, it boosts confidence and builds better relationships.