The National Cyber Security Centre and the National Crime Agency have reported that cyber attacks have increasingly targeted vulnerabilities in full supply chains.
They reported that criminals are ‘capitalising on the gateways provided by privileged accesses and client/supplier relationships’, and that ‘attackers will target the most vulnerable part of a supply chain to reach their intended victim’.
Organisations need to ensure that their suppliers comply with the organisation's cyber security requirements and that they don’t pose a threat. This can be done via the following steps:
- Assess your supply chain for any cyber risks. Conduct a full assessment of your suppliers and all their safety methods to identify how these could impact your organisation, and decide what immediate actions you will take if a system fails or there is a breach.
- Add a clause into your contractual agreements. Ensure that data storage and security breaches are well documented in your agreements with suppliers.
- Ask all suppliers to sign up to third-party testing. Cyber Essentials is the main certification that is commonly used, and will ensure that all activities have been assessed and approved by a third party.
- Train your staff and suppliers. Ensuring that all parties involved in cyber safety and security are aware of their responsibilities, and understand the protocols and the possible risks, is a huge part of the process and should mitigate cyber attacks.
Authorities introducing Cyber Essentials certification to bidding process
Contracts that are put out to tender by Government authorities are starting to introduce minimum requirements with regard to cyber security. The Government, like any other organisation, needs to ensure its suppliers are safe and secure, and one of the methods that has been introduced is the Cyber Essentials certificate.
Having the Cyber Essentials certificate in place demonstrates to all of a company’s suppliers that they are working in a safe environment and do not take the measure lightly, as qualification for the certificate itself requires a stringent process – this should be extended to the full supply chain.
Firms could even face a fine if they do not meet the cyber security laws outlined in a Government proposal from 2017.
Cyber Essentials in bid writing
Executive Compass have the Cyber Essentials Plus certificate in place to ensure that we are a safe supplier to all our clients. You have peace of mind that your tenders, supporting information and company data remain secure and confidential.