Data breaches have shifted from being a rare occurrence to an almost daily challenge for businesses across the UK. In today’s climate of insecurity, industry giants across multiple sectors have been affected, ranging from Tesco and TalkTalk, to as of this month, The AA. While media attention is often focused on high-profile organisations, the security threat is affecting all parts of the supply chain, with almost two thirds of businesses in the UK reporting a cyberattack or breach in 2015/16. To help manage the growing threat, the UK Government introduced the Cyber Essentials scheme, a set of best practice security recommendations to minimise the risk of cyber-attack.
Security is rising up the agenda for many organisations and an area currently under scrutiny is the use of third-party systems. The use of poorly-secured endpoints, ranging from IoT devices to poorly manufactured or installed CCTV technology is still common, providing backdoor access to a company’s network for any given attacker. In an environment where a company’s data represents its crown jewels, businesses must ask themselves whether they can really afford to trust an unknown party in their business. Are the systems and processes in place to avoid letting an unsecured third-party supplier into their supply chain, or are they exposing themselves to unnecessary and significant risk – operational, reputational and financial in nature?
Continue reading “The key to the crown jewels; why supply chain security is essential under GDPR”