Monday, 23 February 2015

Supply Chain Risk: Defending Business Continuity & Improving Cyber Security

A level of trust is often assumed when working with contractors, partners and suppliers, but with over 40% of insider threats emanating from these third parties, how can a business track and manage this risk organisation-wide?
“One reason why organizations do not have effective plans in place for internal threats is that many classes of insiders, such as partners and suppliers, are invited within network perimeters and a certain level of trust is assumed,” says John Hunt, PwC Principal. “Businesses should understand that trust in advisors should not be implicit.”

The breaches we see in relation to hackers infiltrating their targets' supply chains:
  • 2010: McDonald's had a security breach that saw its customers' emails, contact information and birth dates compromised. McDonald's said it had hired the marketing services firm Arc Worldwide to coordinate its e-mail promotions. Arc then hired another company to manage the e-mail list. It was that company, which Arc and McDonald's would not name, that suffered the breach. http://www.theregister.co.uk/2010/12/14/mcdonalds_data_breach/
  • The Chinese government stole F-35 blueprints from Lockheed Martin (according to whistleblower Edward Snowden). 50 terabytes of data were stolen, and the blueprints for the Pentagon's most advanced weaponry, including the Black Hawk helicopter and the brand new Littoral Combat Ship used by the Navy, have all been compromised. http://rt.com/usa/us-chinese-report-defense-888/
  • Home Depot: 53 million emails stolen. Criminals used a third-party vendor's user name and password to enter the perimeter of Home Depot's network. https://corporate.homedepot.com/MediaCenter/Documents/Press%20Release.pdf
  • Aviva was using BYOD service MobileIron to manage more than 1,000 smart devices such as iPhones and iPads. On 20th May 2014, a hacker compromised the MobileIron admin server and posted a message to those handhelds and the email accounts, according to our source. The hacker then performed a full wipe of every device and subsequently took out the MobileIron server itself. http://www.theregister.co.uk/2014/06/23/aviva_heartbleed_hack/ 

Join our webinar, where we will be examining the threat environment and a new 360 approach to Supplier Evaluation Risk Management. It includes a demonstration and case study of how one leading organisation's collaborative approach to Supplier Risk is providing greater transparency, consistent reporting and risk analysis across multiple functions and departments, and eliminating spreadsheet management, in less time and more cost-effectively.

Click to Register
