Cyber Security

Strengthen your weak links

Supply Chains

A supply chain is a series of people, processes and organisations working in tandem to move a common product or service. Collaborating in partnerships with other companies can give a significant advantage to any organisation looking to build exposure and growth. However, it is the very nature of these ‘tit-for-tat’ relationships that allows companies to unknowingly expose some of the most sensitive areas of their business. This naivety has attracted exploitation from cyber criminals around the world. In fact, some of the largest-scale cyber attacks in recent history are the result of a breach within a vendor or supply chain. Let’s look at some of the widely publicised ones:

2014 – Target Corporation

Attackers used credentials stolen from a heating, ventilation and air conditioning supplier to infiltrate the Target Corporation. They stole information relating to the names, physical addresses, phone numbers and email addresses of an estimated 70 million individuals.

2017 Panama Papers

A law firm holding almost 13 million files for third-party clients was hacked. Aptly named the “Panama Papers”, the attack sparked financial and reputational damage by highlighting tax avoidance by many high-profile corporations, politicians and celebrities.

2018 – Equifax

An exploit in the software that runs their online databases allowed criminals to steal the personal data of as many as 143 million individuals in the infamous Equifax breach.

2018 Paradise Papers

11 million files containing 2.6 TB of data relating to 214,000 companies that held offshore accounts were leaked after a breach at another law firm.

Are these attacks isolated or part of some freak occurrence? Unfortunately not. Opus.com, a data breach company, claims that 56% of organisations have received targeted attacks via a third-party company. This is unsurprising, considering they also state that only 17% of organisations feel they are highly effective at mitigating a third-party attack.

What can you do to prevent the risk?

The National Cyber Security Centre, the UK Government’s authority on cyber security, offers some helpful advice to manage your supply chains and prevent attacks occurring with your vendors.

  1.  Institutionalize a multi-stakeholder supply chain risk assessment process that engages as many members of the supply chain as possible

You’re only as strong as your weakest link. The weakest link in your supply chain will not only expose itself and your organisation to attackers, but will potentially expose every other member of that chain.

  2. Encourage them to meet a security benchmark such as Cyber Essentials, Cyber Essentials PLUS and ISO 27001

Undertaking a security assessment, such as those mentioned above, can be highly beneficial. Setting a benchmark and making it a requirement for new and existing vendors gives you peace of mind that they have been third-party verified.

The Ministry of Defence (MoD), sensitive government procurement and the Nuclear Decommissioning Authority (NDA) have all required Cyber Essentials for admittance into their supply chains. Now all sensitive Government contracts require Cyber Essentials as a minimum.

  3. Improving relationships amongst members of the supply chain is also very important for improving cyber security within it

Many organisations will not want to adopt regulations for companies joining their supply chain, as this could hinder the process and deter potential partners and/or leads. However, ensure that you work with the correct organisations who share your mindset to protect both your organisation and the customers you both share. APMG offers many solutions with which to augment your organisation and supply chain – thereby mitigating the risk of suffering a situation like the ones mentioned above.

APMG has been appointed by the UK Government to approve Certification Bodies delivering both levels of Cyber Essentials. APMG is also an Accreditation Body for the ISO 27001 Certification – ensuring maximum quality for its associated training courses.

Learn how to take control of your supply chain - Get in touch with us today.
