What keeps a CISO awake? An uncomfortable bed … and my third party supply chain
I’m often asked by my colleagues, 'what keeps me up at night?', to which I currently reply, 'an uncomfortable bed'. For those of you who have ever had a significant home renovation, I know you will sympathise. Sleeping on the sofa gets old fast – I should be back in my own bed by Christmas!
Apart from the uncomfortable bed, understanding and managing third party supply chain risk keeps me from my forty winks. Questions start running through my head as I try to count sheep – what more can I do to tackle security risk and shore up my supply chain? And are my third parties doing the same? I start jotting down notes and then think, this goes beyond security risk. What about auditing, compliance and just managing the workload and complexity of the whole process consistently?
As my fellow security professionals will attest, complexity is one of the biggest barriers to good security. There’s a web of point solutions which have been added to existing infrastructures, not to mention the multiple ways to produce reports for different business stakeholders. Apply these things to your extended network of third and fourth parties and the problem becomes even more acute.
A recent report from ClubCISO reveals that there are far too many organisations relying on ad hoc processes for enforcing security and inconsistent auditing of third parties. So what’s the solution and how can we all get some sleep? Let’s combine our efforts and information across institutions and third parties. By leveraging a common shared platform, we can all benefit from managing third, fourth or even fifth party risk. After all, the exchange of information is priceless even though security vigilance means sleeping with one eye open.