As the National Cyber Security Centre provides supply chain mapping advice, companies have to ensure that they don’t rely just on ‘trust’


In an ongoing effort to help companies understand and shut the vulnerabilities that lie within their supply chains, the National Cyber Security Centre (NCSC) has issued its latest advice.

It has outlined how companies should consider supply chain mapping (SCM) in order to gain an up-to-date understanding of their network of suppliers, so cyber risks can be better managed.

In the advice, the NCSC tells businesses the type of information an SCM should include. It talks about full inventories of suppliers and subcontractors, what product or service is being provided, the information flows between organisations and, critically, information from their partner about the processes they have in place to stop a cyber-attack.

It also advises companies to ensure that they have an audit in place to find out about their data management, data integrity and management controls for suppliers’ access to physical sites, information systems and intellectual property, as well as any requirements that a company’s direct suppliers are demanding of their own supply chain.

However, much of this information is provided by the partner, meaning that huge levels of trust are needed between partners. Whilst trust is obviously an essential element of any partnership, with the threat from cyber criminals so large, levels of sophistication increasing all of the time, and supply chains a tempting target, trust is, unfortunately, no longer enough, as AJ Thompson, CCO at Northdoor plc, explains.

“It is undeniable that the threat to supply chains from cyber criminals is increasing all of the time. It is encouraging then that the NCSC is continuing to place a real emphasis on it.

“Whilst the advice from the NCSC is sensible it relies too much on old methods and cannot do enough to ensure that companies have knowledge of potential vulnerabilities. Paperwork and a reliance on the honesty of your suppliers is not acceptable when the cost of a data breach is so substantial, both in terms of cost, loss of critical data and irreparable damage to reputation.

“Instead, a near real-time view of where vulnerabilities lie across a supply chain is essential for keeping cyber criminals out. No matter how much you spend on your frontline security, if your partners are letting hackers in through the backdoor, any investment is negated.

“Spreadsheets and a reliance on the honesty and knowledge of your partners is not enough. Using innovative technology that utilises AI can give you a 360-degree view of your entire supply chain and where the potential vulnerabilities lie. This enables you to have discussions with existing and potential partners and to shut the vulnerabilities before cyber criminals are able to take advantage.

“The NCSC is right in continuing to highlight the dangers to companies through supply chains. However, companies have to look beyond the traditional approaches to auditing partners and instead embrace a 360-degree view of your entire supply chain, securing data and keeping cyber criminals out,” Thompson concluded.
