More rigorous standards must be applied to the supply chain to ensure cyber security

Cyber Essentials should become de facto standard for doing business in the UK, says APMG.

  • 9 years ago Posted in
Within a networked supply chain, every company is only as strong as its weakest link, and any entry point for cyber criminals – no matter how decentralised from the core security of the organisation, poses an intrinsic threat to the entire network.
 
To address this, businesses should pay closer attention to the cyber security arrangements of their partners – and demand Cyber Essentials as a matter of course during the tendering process, says APMG International.
 
Richard Pharro, CEO of accreditation and certification body, APMG, commented: “Small companies don’t tend to be very well protected partly because they don’t have the resources to bolster their defences, but also because they don’t feel like they’ve got information that is very important. What they do offer is a pathway to information on other systems – the backdoor in to their partners’ organisations. The supply chain is one of the biggest issues facing businesses today, and it’s only now after some very large and high profile breaches that this issue is coming to the fore. As a cyber criminal, if you know a large company is very well protected, but a small supplier isn’t, you go for the smaller company.
 
“Taking the example of the weakest link, if your partners or subsidiaries have weaker cyber security defences than you do, there’ll be a chink in the armour. If you don’t take steps to address this, you are opening yourself or your partners up to potentially huge risks. With a little imagination, any defect in the sprawling infrastructure could be exploited, with huge repercussions. The breach of US retailer Target in 2013, initiated through its heating, ventilating and air conditioning contractor, stands as a prime example of this, highlighting the importance of supply chain security,” he continued.
 
Pharro went on to say that the world of business should build on the example recently set by the UK Government last year and make certification against Cyber Essentials a compulsory requirement for organisations bidding for contracts.
 
Developed by the UK Government as part of a broader initiative to raise cyber security awareness and preparedness in businesses of all sizes, Cyber Essentials provides a set of criteria against which organisations can measure their cyber security systems. Achieving the certification demonstrates to customers and partners that a business has taken basic and essential cyber security precautions.
 
“While there is arguably more work to do to secure the public sector supply chain, the Government has set a good example by demanding that certain suppliers certify against Cyber Essentials. There is a strong case that the public sector should hold their suppliers to a similarly high account and make Cyber Essentials a mandatory requirement for doing business. The Government estimates that 80 per cent of successful cyber attacks could be stopped by basic security measures. By opting to only work with suppliers that have achieved Cyber Essentials, businesses would go a long way to improving the security of their supply chains and their data,” Pharro concluded.
Research shows ‘game needs to be changed,’ with security innovation years behind that of the...
Node4 has released its Mid-Market IT Priorities Report 2021. The independent report reveals that...
Atos has launched Atos OneCloud Sovereign Shield, a set of solutions, methodologies, and...
New distribution agreement set to bolster Westcon-Comstor’s Zero Trust offering in more markets...
Research from Avast has found that employees in almost a third (31%) of Small and Medium...
This year, over half of MSPs or their end customers have been attacked by ransomware but only 53%...
Trend Micro has published new research revealing that 90% of IT decision makers claim their...
Cyber consultants call on businesses to act now, or risk budgets shrinking further in ‘real...