Assessing the visibility of supply chain risks

How can you assess the visibility of supply chain risk?

“Different organisations – customers, suppliers – have different views about risk appetite and different objectives.”

Marc Avery, CISO and founder of the Cyberchain Alliance, talks to Sooraj Shah about why building a standard level of security and resilience into supply chains is difficult.

Marc Avery was a speaker at the very popular R3 cyber security conference, which ran from 15 to 24 September 2020. If you missed it, then it’s not too late: you can still watch on demand.

Video transcript:

How can you assess the visibility of supply chain risk?

Supply chain risk can be quite complex and it's worth stepping back and understanding why that complexity exists. One of the reasons I believe is a fundamental contributor towards that complexity is the fact that different organisations, be that the customers or the suppliers, have different views towards risk and different appetites.

And they have different business objectives and outcomes and priorities. And actually, that's where it starts to get a little bit messy. Trying to get services from suppliers and building a standard level of resilience is really difficult because you're trying to fit things into organisations, which isn't necessarily possible.

I think it's key to understand how you can overcome that as well. And one of the first ways to do that is build healthy relationships and strong relationships with those suppliers. Understand what their business objectives are, their priorities, so that in the event that you do need to use an alternative service or you have an outage or an incident, you can understand what potential impacts will be and how quickly you can recover from that.

There are various foundations for relying upon supplier services, be that business continuity standards, security standards. That should form a foundation, but shouldn't be solely relied upon. And really understanding those organisations in a lot more detail will allow you to have a much more thorough understanding and we change that complexity of supply chain.

Copyright Lyonsdown Limited 2021
