Supply chain cyber security: new guidance from the NCSC
Many of us rely on suppliers to deliver products, systems, and services. It’s how we do business.
However, supply chains are often large and complex, which makes it difficult to know if you have enough protection in place.
In recent years there’s been a significant increase in the number of cyber attacks resulting from vulnerabilities within the supply chain. These attacks can result in devastating, expensive and long-term ramifications for affected organisations, their supply chains and their customers.
But despite these risks, many companies lose sight of their supply chains. In fact, according to the DCMS 2022 Security Breaches Survey, just over one in ten businesses review the risks posed by their immediate suppliers (13%), and the proportion for the wider supply chain is half that figure (7%).
To address these challenges, the NCSC has published new guidance, ‘How to assess and gain confidence in your supply chain cyber security’. It’s aimed at medium to large organisations who need to gain confidence or assurance that mitigations are in place for vulnerabilities associated with working with suppliers.
More specifically, this guidance:
- describes typical supplier relationships, and ways that organisations are exposed to vulnerabilities and cyber attacks via the supply chain
- defines expected outcomes and key steps to help you assess your supply chain’s approach to cyber security
- answers common questions you may encounter as you work through the guidance
- is a response to the UK government’s call for views on supply chain security (November 2021) which highlighted the need to provide further guidance that can be converted into tangible and actionable practices
The guidance is aimed at procurement specialists, risk managers and cyber security professionals wanting to establish (or improve) an approach for assessing the cyber security of their organisation’s supply chain. It can be applied ‘from scratch’, or can build upon any existing risk management techniques and approaches that you may have in use.
For guidance about how to implement cyber security with your own organisation, please refer to the NCSC’s 10 Steps to Cyber Security guidance. Smaller organisations should refer to our Small Business Guide to Cyber Security.
We’re always looking to improve our guidance, so if you have any feedback on the guidance, please get in touch via the Enquiries team.
Ian McCormack
Deputy Director for Government, NCSC
Original Source: ncsc[.]gov[.]uk