Marsh found nearly 70% of respondents do not assess the suppliers and/or customers they trade with for cyber risk. 50% of respondents also stated their organisations have not been asked to demonstrate a competent standard of their IT security practices to their bank and/or customers to do business with them.
Stephen Wares, Marsh’s cyber risk practice leader in Europe, said more work needs to be done to consider cyber security as a business issue, as opposed to a technical problem.
“This is especially true for larger organisations, which attract highly motivated and sophisticated hackers that might identify smaller business partners that are typically less well protected as the ‘back door’ into their IT systems,” he said.
Organisations should include supply chain security as part of their strategy to reduce the risk of data breaches, an expert panel told attendees of Infosecurity Europe 2015 in London.
Information security weaknesses at suppliers have been responsible for several high-profile breaches in recent years, including malware-laced phishing emails sent via an air-conditioning supplier to US retailer Target in 2013.
Cited and more on this story at Computer Weekly
How do you assess the Security risk that your third party providers bring to your front door?
This ties in quite nicely with a recent published post Supply chain Risk: Defending Business Continuity & Improving Cyber Security
We had a webinar a few weeks ago on this subject; recording in link below:
Led by ZeroDayLab’s Managing Director, Kevin Roberts (left) and Pre-Sales Manager, Stuart Peck (right); the webinar was hot on the heels of the latest supplier breach suffered by TalkTalk, and looked at supply chains, breaches and how you can get better visibility and management over your risk..
No comments:
Post a Comment