Interestingly, the same supply chain that offers us these sought-after innovations and solutions also exposes our information systems to cyber risks and threats. Cyber supply chain risk assessment is the process of assessing the cyber risks introduced by the supply chain and by third-party vendors.
A classic supply chain risk assessment example is the controversial scoop by Bloomberg in 2018 about Chinese spy chips embedded into the hardware of major US server suppliers including Apple and Amazon. The story highlights the unique difficulties businesses and government agencies face in relying on a global technology supply chain that is constantly becoming more complex.
These general guidelines will help you get started with your supply chain risk monitoring.
1. Identify and prioritize supply chain vulnerabilities.
Third-party risk management teams should identify and prioritize all information supply chains, as well as physical supply chains. For example, if you’re purchasing new hardware, chain-of-custody practices are much more relevant than if you were purchasing software. If you’re purchasing software, DevSecOps (short for development, security, and operations), a development practice that integrates security initiatives at every stage of the software development lifecycle, should be of concern.
2. Engage Suppliers at Key Points
Streamline onboarding, offboarding, and contracting processes. Where possible, meet with current and potential suppliers, review their security policies, and audit them annually or as necessary. Do not rely on the self-attestations of your potential suppliers.
3. Delegate an Assessment Team
Appoint a team focused on uncovering security vulnerabilities in hardware and software. Although not every company has the funding and resources for maintaining an operation like this, organizations that can afford it should definitely implement this important process.
4. Leverage Blockchain Technologies
Blockchain makes global supply chains more visible by allowing companies to interact directly with suppliers. Information on a blockchain is distributed across an open source network of connected computer systems, which makes it more secure and less prone to malicious tampering. Centraleyes is a scalable digital solution that automates the assessment and monitoring of your supply chain. It will provide you with better security practices and streamline third- (and fourth!) party risk management workflows.