Chief Information Security Officers (CISOs) need to provide specialist cyber security knowledge to reduce risks of cyber attacks in the supply chain by becoming a critical component in the procurement of vendors, according to new research revealed by Cyber Security Connect UK, the influential cyber security forum that is held annually in Monaco during November.
The findings from the ‘CISO and vendor relationships in the supply chain’ report from Cyber Security Connect UK (CSCUK) indicate that there is a fragmented approach to cyber security in the supply chain and that a high level of risk is present which needs to be closely monitored and reviewed.
CISOs believe that supply chain cyber security should be an integral part of product and service delivery. Business managers are less aware of the weaknesses and threats of cyber attacks, therefore CISOs need to have a greater level of influence in the procurement process to reduce risks.
Mark Walmsley, the chair of the Cyber Security Connect UK steering committee and CISO at Freshfields Bruckhaus Deringer, said: “CISOs believe that businesses need to take stronger steps to establish robust procedures that minimise cyber security risks within the supply chain. We found that 97% of CISOs see the supply chain as a source of risk, so there is an urgent commitment needed to mitigate risk exposure when undertaking a procurement exercise.
“CISOs expect vendors to adopt policies and procedures that provide stronger security controls. While system and network administrators can be guilty of system misconfigurations, poor patch management practices and the use of weak passwords, ongoing auditing and due diligence can guard against potential threats.
“Fragmented standards and cross-border working expose some sectors to greater risk. Ultimately international agreement will be necessary to tighten up on protecting against cyber attacks and theft of data assets and intellectual property.”
Supply chain relationships between CISOs and vendors will feature at CSCUK 2019 in November. CSCUK is a unique cyber security conference that gives senior CISOs the opportunity to meet peers from across all market sectors. The closed event is solely for the CISO community and provides a dedicated forum for networking with like-minded peers across multiple sectors.
A copy of ‘CISO and vendor relationships in the supply chain’ is available from the CSCUK website, together with details of the conference programme and how to register as a delegate.