Brian Sims

NCSC issues fresh guidance following rise in supply chain cyber attacks

CYBER SECURITY experts have issued a fresh warning over the threat of supply chain attacks following a rise in the number of reported incidents. The National Cyber Security Centre (NCSC) – itself a part of GCHQ – has published new guidance to help organisations effectively assess and gain confidence in the cyber security of their supply chains.

The move follows a significant increase in cyber attacks resulting from vulnerabilities within supply chains in recent years, including some high-profile incidents such as the SolarWinds attack.

The new guidance is designed to help medium and larger organisations effectively assess the cyber risks of working with suppliers and gain assurance that sufficient mitigations are in place.

Supply chain attacks can cause far-reaching and costly disruption, yet the latest central Government data shows only just over one-in-ten businesses review the risks posed by their immediate suppliers (13%), while the proportion for the wider supply chain is just 7%.

Ian McCormack, the NCSC’s deputy director for Government cyber resilience, said: “Supply chain attacks are a major cyber threat facing organisations. Incidents can have a profound and long-lasting impact on businesses and customers. With incidents on the rise, it’s vital organisations work with their suppliers to identify supply chain risks and ensure that appropriate security measures are in place.”

McCormack added: “Our new guidance will help organisations put this into practice so they can assess their supply chain’s security and gain confidence that they’re working with suppliers on a secure footing.”

Damaging cyber attacks

Cyber minister Julia Lopez observed: “UK organisations of all sizes are increasingly reliant on a range of IT services to run their business, so it's vital these technologies are secure. I urge businesses to follow this expert guidance from our world-leading National Cyber Security Centre. It will help firms protect themselves and their customers from damaging cyber attacks by strengthening cyber security right across their supply chains.”

The guidance has been published in conjunction with the Cross-Market Operational Resilience Group, which supports the improvement of the operational resilience of the financial sector, although the advice is intended for organisations in any sector. It aims to help cyber security professionals, risk managers and procurement specialists put into practice the NCSC’s 12 supply chain security principles and follows the Government’s response to a call for views last year, which duly highlighted the need for further advice.

The guidance describes typical supplier relationships and the potential weaknesses that might expose an organisation's supply chain to attacks, defines the expected outcomes and then sets out key steps that can help organisations assess their supply chain’s security.

In addition to guidance focused on improving supply chain cyber resilience, the NCSC has published a range of advice-focused documents to help organisations improve their own cyber security.

The latter includes the 10 Steps to Cyber Security guidance, which is aimed at larger organisations, as well as the Small Business Guide for smaller organisations.

Company Info

Security Matters

Western Business Media
Dorset House
64 High Street
East Grinstead
RH19 3DE