Cyber security protection for your business and supply chain

Protecting your business against cyber supply chain attacks is needed risk management. EBS are experts in safeguarding SMEs with cyber security underpinned by the government’s CyberEssentials Plus.

Cybersecurity: more than just keeping your business safe 

Cybersecurity is more than just keeping your business safe. Cybercriminials can expose any vulnerability and that includes those in your supply chain. Wherever there might be a weak link in that chain there is a risk of sensitive data or access to critical systems being exposed across all parties involved. 

Recent reports indicate that supply chain attacks are causing more issues for businesses than malware.  Gartner found that 89% of companies have experienced a supplier risk event in the past five years. This is only set to increase but protecting your business with EBS and CyberSmart can help.

What are supply chain attacks?

A supply chain attack is when a cybercriminal gets into a company’s systems through weak spots in its supply chain network. This could involve things like putting harmful code into the software’s source code or breaking into another company’s data to get important information.

Supply chain attacks are also known by other names like:

  • Third-party attacks
  • Value-chain attacks
  • Backdoor breaches
  • Island hopping attacks

Am I at risk as an SME?

Cybercriminals often target suppliers because they’re seen as the weakest link in a company’s online security. This is true for companies of all sizes who are in a chain of activity.

It can be difficult for a cybercriminal to break into a larger organisation or those who invest in cybersecurity. That’s why they target others in the supply chain who might not have the latest cybersecurity software and protection.

By attacking these weaker spots in the supply chain, cybercriminals can work their way into a company’s systems.

Supply chain attacks work well because businesses trust their suppliers. Surprisingly, only a small number of businesses actually check the cyber risks of their suppliers. This gives cybercriminals a way to target bigger rewards by going after less protected parts of the supply chain.

Only 13% of UK businesses assess the cyber risks posed by their immediate suppliers, according to recent government data. And that figure drops to just 7% for the wider supply chain.

 

What can you do to protect your supply chain?

Today’s businesses understand that their security isn’t just about their own systems anymore; it also involves the suppliers they work with up the supply chain. If one supplier’s security is weak, it can put everyone else at risk.

To deal with this danger, companies of all sizes can team up with their suppliers to make sure everyone understands the risks of cyber threats.

Having strong cybersecurity isn’t just a bonus for suppliers anymore—it’s a must. All companies should work towards suppliers to have a certain level of protection in place. 

Introducing More Stringent Cybersecurity Requirements

Cybersecurity certification is not essential for most UK businesses. But the recent rise in cybercrime is a sign for companies to re-evaluate their cybersecurity requirements across their supply chain.

An official cybersecurity certification such as Cyber Essentials and more rigorous accreditations, like ISO 27001 can protect your business and show you the cybersecurity commitment from your supply chain too.

Following NIST Best Practice Guidance

The Best Practices in Cyber Supply Chain Risk Management, created by the National Institute of Standards and Technology (NIST) provides three basic principles that all businesses can follow to secure their supply chains:

  1. Build your defences on the principle that your systems will be breached
  2. There shouldn’t be any gap between digital and physical security
  3. Cybersecurity is more than a technology problem
  • Work with suppliers to address any vulnerabilities and security gaps.
  • Adopt a ‘one strike and you’re out’ policy with suppliers.
  • Obtain the source code for all purchased software.
  • Implement track and trace programmes to ascertain the provenance of all components and systems.
  • Automate manufacture and testing regimes to minimise tampering.
  • Provide legacy support for end-of-life products and platforms.
  • Run secure software lifecycle development programmes and training for engineers.
  • Is your software/hardware process documented, repeatable, and measurable?
  • How do you stay updated on emerging vulnerabilities?
  • What controls are in place to manage and monitor your production processes?
  • What level of malware protection do you have in place?
  • What physical and digital access controls do you use?
  • How do you assure security throughout the product lifecycle?
  • How do you ensure upstream suppliers adhere to cybersecurity best practices?

What can I do if I'm a supplier?

When it comes to cybersecurity, the stakes are even higher for if you’re within a supply chain rather than at the top. 

Smaller businesses may struggle to cope with the financial and reputational damage of a cyberattack.

This is especially true for suppliers who won’t get a second chance to prove themselves to their clients as more businesses adopt the ‘one strike and you’re out’ rule.

So, what can you do to protect yourself and your clients from supply chain attacks?

Talk to your supply chain partners about cybersecurity

When you have secured your business, you can talk to your supply chain about what they can do. An open discussion can help share resources, experiences and best practice. Equally important, a collaborative approach helps you develop consistent security standards for everyone in the supply chain.

Adopt NCSC Best Practices

The National Cybersecurity Centre (NCSC) is a government organisation that provides best-practice guidance and support for businesses. To combat the increase in supply chain attacks, the NCSC released a guide to supply chain security in 2018.
  1. Understand what you need to protect and why
  2. Know who your suppliers are and what their security looks like
  3. Understand your supply chain risks
  4. Communicate your security needs to your suppliers
  5. Set and communicate minimum security requirements
  6. Build security considerations into your contracting process, and ensure suppliers do the same
  7. Meet your security responsibilities (as a supplier and consumer)
  8. Raise security awareness in your supply chain
  9. Provide support for security incidents
  10. Build assurance activities into your supply chain management process
  11. Encourage continuous cybersecurity improvement in your supply chain
  12. Build trust with suppliers

Enter your details to book a call with an EBS cybersecurity expert

We’ll be in touch within a day of your completing the form.

Google rating

98% CSAT Score

Trusted by over 2000 users

Your experienced technology partner