I’m often asked by my colleagues, 'what keeps you up at night?', to which I currently reply, 'an uncomfortable bed'. For those of you who have ever had a significant home renovation, I know you will sympathise. Sleeping on the sofa gets old fast – I should be back in my own bed by Christmas!
Apart from the uncomfortable bed, understanding and managing third-party supply chain risk keeps me from my forty winks. Questions start running through my head as I try to count sheep – what more can I do to tackle security risk and shore up my supply chain? And are my third parties doing the same? I start jotting down notes and then think, this goes beyond security risk. What about auditing, compliance and just managing the workload and complexity of the whole process consistently?
As my fellow security professionals will attest, complexity is one of the biggest barriers to good security. There’s a web of point solutions which have been added to existing infrastructures, not to mention the multiple ways to produce reports for different business stakeholders. Apply these things to your extended network of third and fourth parties and the problem becomes even more acute.
A recent report from ClubCISO reveals that far too many organisations rely on ad hoc processes for enforcing security and on inconsistent auditing of third parties. So what’s the solution and how can we all get some sleep? Let’s combine our efforts and information across institutions and third parties. By leveraging a common shared platform, we can all benefit when managing third-, fourth- or even fifth-party risk. After all, the exchange of information is priceless even though security vigilance means sleeping with one eye open.
Darren is an Industry Fellow at the Chartered Institute of Information Security (CIISec), a board member and keynote speaker with over 20 years’ cyber leadership experience. Former Group CISO for Qantas Airlines, FinTech Group CISO and executive positions at IBM, Group Chief Information Security Risk Officer for Standard Chartered Bank. He was ranked in the Top 100 Global Chief Information Security Officers (CISO) in 2017 and 2022, and Top 100 Global Cyber Security Influencers 2016 & 2017 by SC Magazine.