Assess the cyber resilience of your supply chain partners
Supply chain risk management is fundamental to your organisation’s cyber health. Supply chain partners are increasingly putting organisations at risk through their poor cyber security practices; a recent Harvard Business Review (HBR) report suggests that up to 60% of reported cyber-attacks were launched from IT systems belonging to suppliers or other third parties.
Include security posture measurement in due diligence
Organisations need to establish and maintain “trusted relationships” with supply chain participants, and that begins with:
- a better understanding of the cyber posture of your counterparties; and
- an ability to respond quickly to any change in that posture.
Typically, organisations undertake a level of due diligence before entering into a supply chain agreement; this used to cover product quality, commercial performance and legal undertakings. It now means more: shared security standards, IT audit rights and even vendor security risk ratings, so that you can better manage your organisation’s cyber security position.
Learn how to measure supply chain risk
How can you quantify the trust and cyber posture of your supply chain partners as they relate to your business risk? Huntsman Security’s Essential 8 Scorecard delivers an aggregate score that allows your stakeholders to measure cyber posture instantly against up to eight key security controls. Imagine being able to automatically report the following to your risk and compliance team:
- A summary measure of cyber resilience and hence residual security risk of each chain partner
- Visualised partner performance against key security controls, including trends over time
- Having established a baseline against which improving cyber resilience can be measured, a league table that visualises the cyber resilience status of all supply chain partners, their ranking against that baseline and any remediation required.
Supply chain security monitoring delivers instant visibility
Being able to access business metrics, when you want them, is very important. The software automatically collects data and creates the Security Scorecard and management report that provides instant or scheduled visibility of security performance to the security operations, risk and compliance teams. An aggregated report also provides the Board with a summary measure of the status of threats, by supply chain partner, and their potential risk to business operations.
The underlying security scorecard technology gathers data from key security sources within the partner’s ICT environment to report on their ongoing security operations and identify any shortcomings.
The functionality provides summary and detailed status of eight security controls including:
- Patching and vulnerability management of systems and applications
- Application whitelisting, patching, configuration and macro execution control
- User management and authentication
- Privilege management
The same functionality forms the underpinnings of our ACSC Essential Eight compliance capability. Additionally, it covers many of the controls recommended by the UK Government’s NCSC Top 10.
Improve the communication of your cyber security position
Measuring the key metrics of your supply chain partners’ cyber security position enables risk-based cyber security decision-making, identifies partners requiring particular assistance and drives cyber risk mitigation across the broader enterprise supply chain. It gives management the key insights necessary to evaluate and manage the cyber health and competitiveness of your business.